xref: /openssl/test/tls-provider.c (revision 1cf2f823)
1 /*
2  * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <string.h>
11 #include <openssl/core_names.h>
12 #include <openssl/core_dispatch.h>
13 #include <openssl/rand.h>
14 #include <openssl/params.h>
15 #include <openssl/err.h>
16 #include <openssl/proverr.h>
17 #include <openssl/pkcs12.h>
18 #include <openssl/provider.h>
19 #include <assert.h>
20 #include <openssl/asn1.h>
21 #include <openssl/asn1t.h>
22 #include <openssl/core_object.h>
23 #include "internal/asn1.h"
24 /* For TLS1_3_VERSION */
25 #include <openssl/ssl.h>
26 #include "internal/nelem.h"
27 #include "internal/refcount.h"
28 
29 /* error codes */
30 
31 /* xorprovider error codes */
32 #define XORPROV_R_INVALID_DIGEST                            1
33 #define XORPROV_R_INVALID_SIZE                              2
34 #define XORPROV_R_INVALID_KEY                               3
35 #define XORPROV_R_UNSUPPORTED                               4
36 #define XORPROV_R_MISSING_OID                               5
37 #define XORPROV_R_OBJ_CREATE_ERR                            6
38 #define XORPROV_R_INVALID_ENCODING                          7
39 #define XORPROV_R_SIGN_ERROR                                8
40 #define XORPROV_R_LIB_CREATE_ERR                            9
41 #define XORPROV_R_NO_PRIVATE_KEY                            10
42 #define XORPROV_R_BUFFER_LENGTH_WRONG                       11
43 #define XORPROV_R_SIGNING_FAILED                            12
44 #define XORPROV_R_WRONG_PARAMETERS                          13
45 #define XORPROV_R_VERIFY_ERROR                              14
46 #define XORPROV_R_EVPINFO_MISSING                           15
47 
48 static OSSL_FUNC_keymgmt_import_fn xor_import;
49 static OSSL_FUNC_keymgmt_import_types_fn xor_import_types;
50 static OSSL_FUNC_keymgmt_import_types_ex_fn xor_import_types_ex;
51 static OSSL_FUNC_keymgmt_export_fn xor_export;
52 static OSSL_FUNC_keymgmt_export_types_fn xor_export_types;
53 static OSSL_FUNC_keymgmt_export_types_ex_fn xor_export_types_ex;
54 
55 int tls_provider_init(const OSSL_CORE_HANDLE *handle,
56                       const OSSL_DISPATCH *in,
57                       const OSSL_DISPATCH **out,
58                       void **provctx);
59 
60 #define XOR_KEY_SIZE 32
61 
62 /*
63  * Top secret. This algorithm only works if no one knows what this number is.
64  * Please don't tell anyone what it is.
65  *
66  * This algorithm is for testing only - don't really use it!
67  */
68 static const unsigned char private_constant[XOR_KEY_SIZE] = {
69     0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
70     0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
71     0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
72 };
73 
74 typedef struct xorkey_st {
75     unsigned char privkey[XOR_KEY_SIZE];
76     unsigned char pubkey[XOR_KEY_SIZE];
77     int hasprivkey;
78     int haspubkey;
79     char *tls_name;
80     CRYPTO_REF_COUNT references;
81 } XORKEY;
82 
83 /* Key Management for the dummy XOR KEX, KEM and signature algorithms */
84 
85 static OSSL_FUNC_keymgmt_new_fn xor_newkey;
86 static OSSL_FUNC_keymgmt_free_fn xor_freekey;
87 static OSSL_FUNC_keymgmt_has_fn xor_has;
88 static OSSL_FUNC_keymgmt_dup_fn xor_dup;
89 static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
90 static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
91 static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
92 static OSSL_FUNC_keymgmt_gen_fn xor_gen;
93 static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
94 static OSSL_FUNC_keymgmt_load_fn xor_load;
95 static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
96 static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
97 static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
98 static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
99 
100 /*
101  * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
102  * together. Don't use this!
103  */
104 
105 static OSSL_FUNC_keyexch_newctx_fn xor_newkemkexctx;
106 static OSSL_FUNC_keyexch_init_fn xor_init;
107 static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
108 static OSSL_FUNC_keyexch_derive_fn xor_derive;
109 static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
110 static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
111 
112 /*
113  * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
114  * Don't use this!
115  */
116 
117 static OSSL_FUNC_kem_newctx_fn xor_newkemkexctx;
118 static OSSL_FUNC_kem_freectx_fn xor_freectx;
119 static OSSL_FUNC_kem_dupctx_fn xor_dupctx;
120 static OSSL_FUNC_kem_encapsulate_init_fn xor_init;
121 static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate;
122 static OSSL_FUNC_kem_decapsulate_init_fn xor_init;
123 static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate;
124 
125 /*
126  * Common key management table access functions
127  */
128 static OSSL_FUNC_keymgmt_new_fn *
xor_prov_get_keymgmt_new(const OSSL_DISPATCH * fns)129 xor_prov_get_keymgmt_new(const OSSL_DISPATCH *fns)
130 {
131     /* Pilfer the keymgmt dispatch table */
132     for (; fns->function_id != 0; fns++)
133         if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW)
134             return OSSL_FUNC_keymgmt_new(fns);
135 
136     return NULL;
137 }
138 
139 static OSSL_FUNC_keymgmt_free_fn *
xor_prov_get_keymgmt_free(const OSSL_DISPATCH * fns)140 xor_prov_get_keymgmt_free(const OSSL_DISPATCH *fns)
141 {
142     /* Pilfer the keymgmt dispatch table */
143     for (; fns->function_id != 0; fns++)
144         if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE)
145             return OSSL_FUNC_keymgmt_free(fns);
146 
147     return NULL;
148 }
149 
150 static OSSL_FUNC_keymgmt_import_fn *
xor_prov_get_keymgmt_import(const OSSL_DISPATCH * fns)151 xor_prov_get_keymgmt_import(const OSSL_DISPATCH *fns)
152 {
153     /* Pilfer the keymgmt dispatch table */
154     for (; fns->function_id != 0; fns++)
155         if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT)
156             return OSSL_FUNC_keymgmt_import(fns);
157 
158     return NULL;
159 }
160 
161 static OSSL_FUNC_keymgmt_export_fn *
xor_prov_get_keymgmt_export(const OSSL_DISPATCH * fns)162 xor_prov_get_keymgmt_export(const OSSL_DISPATCH *fns)
163 {
164     /* Pilfer the keymgmt dispatch table */
165     for (; fns->function_id != 0; fns++)
166         if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT)
167             return OSSL_FUNC_keymgmt_export(fns);
168 
169     return NULL;
170 }
171 
xor_prov_import_key(const OSSL_DISPATCH * fns,void * provctx,int selection,const OSSL_PARAM params[])172 static void *xor_prov_import_key(const OSSL_DISPATCH *fns, void *provctx,
173                            int selection, const OSSL_PARAM params[])
174 {
175     OSSL_FUNC_keymgmt_new_fn *kmgmt_new = xor_prov_get_keymgmt_new(fns);
176     OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns);
177     OSSL_FUNC_keymgmt_import_fn *kmgmt_import =
178         xor_prov_get_keymgmt_import(fns);
179     void *key = NULL;
180 
181     if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) {
182         if ((key = kmgmt_new(provctx)) == NULL
183             || !kmgmt_import(key, selection, params)) {
184             kmgmt_free(key);
185             key = NULL;
186         }
187     }
188     return key;
189 }
190 
xor_prov_free_key(const OSSL_DISPATCH * fns,void * key)191 static void xor_prov_free_key(const OSSL_DISPATCH *fns, void *key)
192 {
193     OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns);
194 
195     if (kmgmt_free != NULL)
196         kmgmt_free(key);
197 }
198 
199 /*
200  * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test
201  * purposes
202  */
203 struct tls_group_st {
204     unsigned int group_id; /* for "tls-group-id", see provider-base(7) */
205     unsigned int secbits;
206     unsigned int mintls;
207     unsigned int maxtls;
208     unsigned int mindtls;
209     unsigned int maxdtls;
210     unsigned int is_kem; /* boolean */
211 };
212 
213 #define XORGROUP_NAME "xorgroup"
214 #define XORGROUP_NAME_INTERNAL "xorgroup-int"
215 static struct tls_group_st xor_group = {
216     0,                  /* group_id, set by randomize_tls_alg_id() */
217     128,                /* secbits */
218     TLS1_3_VERSION,     /* mintls */
219     0,                  /* maxtls */
220     -1,                 /* mindtls */
221     -1,                 /* maxdtls */
222     0                   /* is_kem */
223 };
224 
225 #define XORKEMGROUP_NAME "xorkemgroup"
226 #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int"
227 static struct tls_group_st xor_kemgroup = {
228     0,                  /* group_id, set by randomize_tls_alg_id() */
229     128,                /* secbits */
230     TLS1_3_VERSION,     /* mintls */
231     0,                  /* maxtls */
232     -1,                 /* mindtls */
233     -1,                 /* maxdtls */
234     1                   /* is_kem */
235 };
236 
237 #define ALGORITHM "XOR"
238 
239 static const OSSL_PARAM xor_group_params[] = {
240     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
241                            XORGROUP_NAME, sizeof(XORGROUP_NAME)),
242     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
243                            XORGROUP_NAME_INTERNAL,
244                            sizeof(XORGROUP_NAME_INTERNAL)),
245     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
246                            sizeof(ALGORITHM)),
247     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id),
248     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
249                     &xor_group.secbits),
250     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls),
251     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls),
252     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls),
253     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls),
254     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem),
255     OSSL_PARAM_END
256 };
257 
258 static const OSSL_PARAM xor_kemgroup_params[] = {
259     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
260                            XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)),
261     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
262                            XORKEMGROUP_NAME_INTERNAL,
263                            sizeof(XORKEMGROUP_NAME_INTERNAL)),
264     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
265                            sizeof(ALGORITHM)),
266     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id),
267     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
268                     &xor_kemgroup.secbits),
269     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls),
270     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls),
271     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls),
272     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls),
273     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem),
274     OSSL_PARAM_END
275 };
276 
277 #define NUM_DUMMY_GROUPS 50
278 static char *dummy_group_names[NUM_DUMMY_GROUPS];
279 
280 /*
281  * We define a dummy TLS sigalg called for test purposes
282  */
283 struct tls_sigalg_st {
284     unsigned int code_point; /* for "tls-sigalg-alg", see provider-base(7) */
285     unsigned int secbits;
286     unsigned int mintls;
287     unsigned int maxtls;
288 };
289 
290 #define XORSIGALG_NAME "xorhmacsig"
291 #define XORSIGALG_OID "1.3.6.1.4.1.16604.998888.1"
292 #define XORSIGALG_HASH_NAME "xorhmacsha2sig"
293 #define XORSIGALG_HASH "SHA256"
294 #define XORSIGALG_HASH_OID "1.3.6.1.4.1.16604.998888.2"
295 #define XORSIGALG12_NAME "xorhmacsig12"
296 #define XORSIGALG12_OID "1.3.6.1.4.1.16604.998888.3"
297 
298 static struct tls_sigalg_st xor_sigalg = {
299     0,                  /* alg id, set by randomize_tls_alg_id() */
300     128,                /* secbits */
301     TLS1_3_VERSION,     /* mintls */
302     0,                  /* maxtls */
303 };
304 
305 static struct tls_sigalg_st xor_sigalg_hash = {
306     0,                  /* alg id, set by randomize_tls_alg_id() */
307     128,                /* secbits */
308     TLS1_3_VERSION,     /* mintls */
309     0,                  /* maxtls */
310 };
311 
312 static struct tls_sigalg_st xor_sigalg12 = {
313     0,                  /* alg id, set by randomize_tls_alg_id() */
314     128,                /* secbits */
315     TLS1_2_VERSION,     /* mintls */
316     TLS1_2_VERSION,     /* maxtls */
317 };
318 
319 static const OSSL_PARAM xor_sig_nohash_params[] = {
320     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
321                            XORSIGALG_NAME, sizeof(XORSIGALG_NAME)),
322     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
323                            XORSIGALG_NAME,
324                            sizeof(XORSIGALG_NAME)),
325     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
326                            XORSIGALG_OID, sizeof(XORSIGALG_OID)),
327     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
328                     &xor_sigalg.code_point),
329     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
330                     &xor_sigalg.secbits),
331     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
332                    &xor_sigalg.mintls),
333     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
334                    &xor_sigalg.maxtls),
335     OSSL_PARAM_END
336 };
337 
338 static const OSSL_PARAM xor_sig_hash_params[] = {
339     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
340                            XORSIGALG_HASH_NAME, sizeof(XORSIGALG_HASH_NAME)),
341     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
342                            XORSIGALG_HASH_NAME,
343                            sizeof(XORSIGALG_HASH_NAME)),
344     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME,
345                            XORSIGALG_HASH, sizeof(XORSIGALG_HASH)),
346     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
347                            XORSIGALG_HASH_OID, sizeof(XORSIGALG_HASH_OID)),
348     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
349                     &xor_sigalg_hash.code_point),
350     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
351                     &xor_sigalg_hash.secbits),
352     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
353                    &xor_sigalg_hash.mintls),
354     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
355                    &xor_sigalg_hash.maxtls),
356     OSSL_PARAM_END
357 };
358 
359 static const OSSL_PARAM xor_sig_12_params[] = {
360     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
361                            XORSIGALG12_NAME, sizeof(XORSIGALG12_NAME)),
362     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
363                            XORSIGALG12_NAME,
364                            sizeof(XORSIGALG12_NAME)),
365     OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
366                            XORSIGALG12_OID, sizeof(XORSIGALG12_OID)),
367     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
368                     &xor_sigalg12.code_point),
369     OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
370                     &xor_sigalg12.secbits),
371     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
372                    &xor_sigalg12.mintls),
373     OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
374                    &xor_sigalg12.maxtls),
375     OSSL_PARAM_END
376 };
377 
tls_prov_get_capabilities(void * provctx,const char * capability,OSSL_CALLBACK * cb,void * arg)378 static int tls_prov_get_capabilities(void *provctx, const char *capability,
379                                      OSSL_CALLBACK *cb, void *arg)
380 {
381     int ret = 0;
382     int i;
383     const char *dummy_base = "dummy";
384     const size_t dummy_name_max_size = strlen(dummy_base) + 3;
385 
386     if (strcmp(capability, "TLS-GROUP") == 0) {
387         /* Register our 2 groups */
388         OPENSSL_assert(xor_group.group_id >= 65024
389                        && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS);
390         ret = cb(xor_group_params, arg);
391         ret &= cb(xor_kemgroup_params, arg);
392 
393         /*
394          * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined
395          * in ssl/t1_lib.c, to make sure we exercise the code paths for registering
396          * large numbers of groups.
397          */
398 
399         for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
400             OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)];
401             unsigned int dummygroup_id;
402 
403             memcpy(dummygroup, xor_group_params, sizeof(xor_group_params));
404 
405             /* Give the dummy group a unique name */
406             if (dummy_group_names[i] == NULL) {
407                 dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size);
408                 if (dummy_group_names[i] == NULL)
409                     return 0;
410                 BIO_snprintf(dummy_group_names[i],
411                          dummy_name_max_size,
412                          "%s%d", dummy_base, i);
413             }
414             dummygroup[0].data = dummy_group_names[i];
415             dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1;
416             /* assign unique group IDs also to dummy groups for registration */
417             dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i;
418             dummygroup[3].data = (unsigned char*)&dummygroup_id;
419             ret &= cb(dummygroup, arg);
420         }
421     }
422 
423     if (strcmp(capability, "TLS-SIGALG") == 0) {
424         ret = cb(xor_sig_nohash_params, arg);
425         ret &= cb(xor_sig_hash_params, arg);
426         ret &= cb(xor_sig_12_params, arg);
427     }
428     return ret;
429 }
430 
431 typedef struct {
432     OSSL_LIB_CTX *libctx;
433 } PROV_XOR_CTX;
434 
xor_newprovctx(OSSL_LIB_CTX * libctx)435 static PROV_XOR_CTX *xor_newprovctx(OSSL_LIB_CTX *libctx)
436 {
437     PROV_XOR_CTX* prov_ctx = OPENSSL_malloc(sizeof(PROV_XOR_CTX));
438 
439     if (prov_ctx == NULL)
440         return NULL;
441 
442     if (libctx == NULL) {
443         OPENSSL_free(prov_ctx);
444         return NULL;
445     }
446     prov_ctx->libctx = libctx;
447     return prov_ctx;
448 }
449 
450 
451 
452 #define PROV_XOR_LIBCTX_OF(provctx) (((PROV_XOR_CTX *)provctx)->libctx)
453 
454 /*
455  * Dummy "XOR" Key Exchange and signature algorithm. We just xor the
456  * private and public keys together. Don't use this!
457  */
458 
459 typedef struct {
460     XORKEY *key;
461     XORKEY *peerkey;
462     void *provctx;
463 } PROV_XORKEMKEX_CTX;
464 
xor_newkemkexctx(void * provctx)465 static void *xor_newkemkexctx(void *provctx)
466 {
467     PROV_XORKEMKEX_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XORKEMKEX_CTX));
468 
469     if (pxorctx == NULL)
470         return NULL;
471 
472     pxorctx->provctx = provctx;
473 
474     return pxorctx;
475 }
476 
xor_init(void * vpxorctx,void * vkey,ossl_unused const OSSL_PARAM params[])477 static int xor_init(void *vpxorctx, void *vkey,
478                     ossl_unused const OSSL_PARAM params[])
479 {
480     PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
481 
482     if (pxorctx == NULL || vkey == NULL)
483         return 0;
484     pxorctx->key = vkey;
485     return 1;
486 }
487 
xor_set_peer(void * vpxorctx,void * vpeerkey)488 static int xor_set_peer(void *vpxorctx, void *vpeerkey)
489 {
490     PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
491 
492     if (pxorctx == NULL || vpeerkey == NULL)
493         return 0;
494     pxorctx->peerkey = vpeerkey;
495     return 1;
496 }
497 
xor_derive(void * vpxorctx,unsigned char * secret,size_t * secretlen,size_t outlen)498 static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
499                       size_t outlen)
500 {
501     PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
502     int i;
503 
504     if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
505         return 0;
506 
507     *secretlen = XOR_KEY_SIZE;
508     if (secret == NULL)
509         return 1;
510 
511     if (outlen < XOR_KEY_SIZE)
512         return 0;
513 
514     for (i = 0; i < XOR_KEY_SIZE; i++)
515         secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];
516 
517     return 1;
518 }
519 
xor_freectx(void * pxorctx)520 static void xor_freectx(void *pxorctx)
521 {
522     OPENSSL_free(pxorctx);
523 }
524 
xor_dupctx(void * vpxorctx)525 static void *xor_dupctx(void *vpxorctx)
526 {
527     PROV_XORKEMKEX_CTX *srcctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
528     PROV_XORKEMKEX_CTX *dstctx;
529 
530     dstctx = OPENSSL_zalloc(sizeof(*srcctx));
531     if (dstctx == NULL)
532         return NULL;
533 
534     *dstctx = *srcctx;
535 
536     return dstctx;
537 }
538 
539 static const OSSL_DISPATCH xor_keyexch_functions[] = {
540     { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newkemkexctx },
541     { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
542     { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
543     { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
544     { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
545     { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
546     OSSL_DISPATCH_END
547 };
548 
549 static const OSSL_ALGORITHM tls_prov_keyexch[] = {
550     /*
551      * Obviously this is not FIPS approved, but in order to test in conjunction
552      * with the FIPS provider we pretend that it is.
553      */
554     { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
555     { NULL, NULL, NULL }
556 };
557 
558 /*
559  * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
560  * Don't use this!
561  */
562 
xor_encapsulate(void * vpxorctx,unsigned char * ct,size_t * ctlen,unsigned char * ss,size_t * sslen)563 static int xor_encapsulate(void *vpxorctx,
564                            unsigned char *ct, size_t *ctlen,
565                            unsigned char *ss, size_t *sslen)
566 {
567     /*
568      * We are building this around a KEX:
569      *
570      * 1. we generate ephemeral keypair
571      * 2. we encode our ephemeral pubkey as the outgoing ct
572      * 3. we derive using our ephemeral privkey in combination with the peer
573      *    pubkey from the ctx; the result is our ss.
574      */
575     int rv = 0;
576     void *genctx = NULL, *derivectx = NULL;
577     XORKEY *ourkey = NULL;
578     PROV_XORKEMKEX_CTX *pxorctx = vpxorctx;
579 
580     if (ct == NULL || ss == NULL) {
581         /* Just return sizes */
582 
583         if (ctlen == NULL && sslen == NULL)
584             return 0;
585         if (ctlen != NULL)
586             *ctlen = XOR_KEY_SIZE;
587         if (sslen != NULL)
588             *sslen = XOR_KEY_SIZE;
589         return 1;
590     }
591 
592     /* 1. Generate keypair */
593     genctx = xor_gen_init(pxorctx->provctx, OSSL_KEYMGMT_SELECT_KEYPAIR, NULL);
594     if (genctx == NULL)
595         goto end;
596     ourkey = xor_gen(genctx, NULL, NULL);
597     if (ourkey == NULL)
598         goto end;
599 
600     /* 2. Encode ephemeral pubkey as ct */
601     memcpy(ct, ourkey->pubkey, XOR_KEY_SIZE);
602     *ctlen = XOR_KEY_SIZE;
603 
604     /* 3. Derive ss via KEX */
605     derivectx = xor_newkemkexctx(pxorctx->provctx);
606     if (derivectx == NULL
607             || !xor_init(derivectx, ourkey, NULL)
608             || !xor_set_peer(derivectx, pxorctx->key)
609             || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
610         goto end;
611 
612     rv = 1;
613 
614  end:
615     xor_gen_cleanup(genctx);
616     xor_freekey(ourkey);
617     xor_freectx(derivectx);
618     return rv;
619 }
620 
xor_decapsulate(void * vpxorctx,unsigned char * ss,size_t * sslen,const unsigned char * ct,size_t ctlen)621 static int xor_decapsulate(void *vpxorctx,
622                            unsigned char *ss, size_t *sslen,
623                            const unsigned char *ct, size_t ctlen)
624 {
625     /*
626      * We are building this around a KEX:
627      *
628      * - ct is our peer's pubkey
629      * - decapsulate is just derive.
630      */
631     int rv = 0;
632     void *derivectx = NULL;
633     XORKEY *peerkey = NULL;
634     PROV_XORKEMKEX_CTX *pxorctx = vpxorctx;
635 
636     if (ss == NULL) {
637         /* Just return size */
638         if (sslen == NULL)
639             return 0;
640         *sslen = XOR_KEY_SIZE;
641         return 1;
642     }
643 
644     if (ctlen != XOR_KEY_SIZE)
645         return 0;
646     peerkey = xor_newkey(pxorctx->provctx);
647     if (peerkey == NULL)
648         goto end;
649     memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE);
650 
651     /* Derive ss via KEX */
652     derivectx = xor_newkemkexctx(pxorctx->provctx);
653     if (derivectx == NULL
654             || !xor_init(derivectx, pxorctx->key, NULL)
655             || !xor_set_peer(derivectx, peerkey)
656             || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
657         goto end;
658 
659     rv = 1;
660 
661  end:
662     xor_freekey(peerkey);
663     xor_freectx(derivectx);
664     return rv;
665 }
666 
667 static const OSSL_DISPATCH xor_kem_functions[] = {
668     { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newkemkexctx },
669     { OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx },
670     { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx },
671     { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init },
672     { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate },
673     { OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init },
674     { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate },
675     OSSL_DISPATCH_END
676 };
677 
678 static const OSSL_ALGORITHM tls_prov_kem[] = {
679     /*
680      * Obviously this is not FIPS approved, but in order to test in conjunction
681      * with the FIPS provider we pretend that it is.
682      */
683     { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions },
684     { NULL, NULL, NULL }
685 };
686 
687 /* Key Management for the dummy XOR key exchange algorithm */
688 
xor_newkey(void * provctx)689 static void *xor_newkey(void *provctx)
690 {
691     XORKEY *ret = OPENSSL_zalloc(sizeof(XORKEY));
692 
693     if (ret == NULL)
694         return NULL;
695 
696     if (!CRYPTO_NEW_REF(&ret->references, 1)) {
697         OPENSSL_free(ret);
698         return NULL;
699     }
700 
701     return ret;
702 }
703 
xor_freekey(void * keydata)704 static void xor_freekey(void *keydata)
705 {
706     XORKEY* key = (XORKEY *)keydata;
707     int refcnt;
708 
709     if (key == NULL)
710         return;
711 
712     if (CRYPTO_DOWN_REF(&key->references, &refcnt) <= 0)
713         return;
714 
715     if (refcnt > 0)
716         return;
717     assert(refcnt == 0);
718 
719     if (key != NULL) {
720         OPENSSL_free(key->tls_name);
721         key->tls_name = NULL;
722     }
723     CRYPTO_FREE_REF(&key->references);
724     OPENSSL_free(key);
725 }
726 
xor_key_up_ref(XORKEY * key)727 static int xor_key_up_ref(XORKEY *key)
728 {
729     int refcnt;
730 
731     if (CRYPTO_UP_REF(&key->references, &refcnt) <= 0)
732         return 0;
733 
734     assert(refcnt > 1);
735     return (refcnt > 1);
736 }
737 
xor_has(const void * vkey,int selection)738 static int xor_has(const void *vkey, int selection)
739 {
740     const XORKEY *key = vkey;
741     int ok = 0;
742 
743     if (key != NULL) {
744         ok = 1;
745 
746         if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
747             ok = ok && key->haspubkey;
748         if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
749             ok = ok && key->hasprivkey;
750     }
751     return ok;
752 }
753 
xor_dup(const void * vfromkey,int selection)754 static void *xor_dup(const void *vfromkey, int selection)
755 {
756     XORKEY *tokey = xor_newkey(NULL);
757     const XORKEY *fromkey = vfromkey;
758     int ok = 0;
759 
760     if (tokey != NULL && fromkey != NULL) {
761         ok = 1;
762 
763         if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
764             if (fromkey->haspubkey) {
765                 memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
766                 tokey->haspubkey = 1;
767             } else {
768                 tokey->haspubkey = 0;
769             }
770         }
771         if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
772             if (fromkey->hasprivkey) {
773                 memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
774                 tokey->hasprivkey = 1;
775             } else {
776                 tokey->hasprivkey = 0;
777             }
778         }
779         if (fromkey->tls_name != NULL)
780             tokey->tls_name = OPENSSL_strdup(fromkey->tls_name);
781     }
782     if (!ok) {
783         xor_freekey(tokey);
784         tokey = NULL;
785     }
786     return tokey;
787 }
788 
xor_get_params(void * vkey,OSSL_PARAM params[])789 static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
790 {
791     XORKEY *key = vkey;
792     OSSL_PARAM *p;
793 
794     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
795         && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
796         return 0;
797 
798     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
799         && !OSSL_PARAM_set_int(p, xor_group.secbits))
800         return 0;
801 
802     if ((p = OSSL_PARAM_locate(params,
803                                OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
804         if (p->data_type != OSSL_PARAM_OCTET_STRING)
805             return 0;
806         p->return_size = XOR_KEY_SIZE;
807         if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
808             memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
809     }
810 
811     return 1;
812 }
813 
814 static const OSSL_PARAM xor_params[] = {
815     OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
816     OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
817     OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
818     OSSL_PARAM_END
819 };
820 
xor_gettable_params(void * provctx)821 static const OSSL_PARAM *xor_gettable_params(void *provctx)
822 {
823     return xor_params;
824 }
825 
xor_set_params(void * vkey,const OSSL_PARAM params[])826 static int xor_set_params(void *vkey, const OSSL_PARAM params[])
827 {
828     XORKEY *key = vkey;
829     const OSSL_PARAM *p;
830 
831     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
832     if (p != NULL) {
833         if (p->data_type != OSSL_PARAM_OCTET_STRING
834                 || p->data_size != XOR_KEY_SIZE)
835             return 0;
836         memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
837         key->haspubkey = 1;
838     }
839 
840     return 1;
841 }
842 
843 static const OSSL_PARAM xor_known_settable_params[] = {
844     OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
845     OSSL_PARAM_END
846 };
847 
xor_load(const void * reference,size_t reference_sz)848 static void *xor_load(const void *reference, size_t reference_sz)
849 {
850     XORKEY *key = NULL;
851 
852     if (reference_sz == sizeof(key)) {
853         /* The contents of the reference is the address to our object */
854         key = *(XORKEY **)reference;
855         /* We grabbed, so we detach it */
856         *(XORKEY **)reference = NULL;
857         return key;
858     }
859     return NULL;
860 }
861 
862 /* check one key is the "XOR complement" of the other */
xor_recreate(const unsigned char * kd1,const unsigned char * kd2)863 static int xor_recreate(const unsigned char *kd1, const unsigned char *kd2) {
864     int i;
865 
866     for (i = 0; i < XOR_KEY_SIZE; i++) {
867         if ((kd1[i] & 0xff) != ((kd2[i] ^ private_constant[i]) & 0xff))
868             return 0;
869     }
870     return 1;
871 }
872 
xor_match(const void * keydata1,const void * keydata2,int selection)873 static int xor_match(const void *keydata1, const void *keydata2, int selection)
874 {
875     const XORKEY *key1 = keydata1;
876     const XORKEY *key2 = keydata2;
877     int ok = 1;
878 
879     if (key1->tls_name != NULL && key2->tls_name != NULL)
880         ok = ok & (strcmp(key1->tls_name, key2->tls_name) == 0);
881 
882     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)  {
883         if (key1->hasprivkey) {
884             if (key2->hasprivkey)
885                 ok = ok & (CRYPTO_memcmp(key1->privkey, key2->privkey,
886                                          XOR_KEY_SIZE) == 0);
887             else
888                 ok = ok & xor_recreate(key1->privkey, key2->pubkey);
889         } else {
890             if (key2->hasprivkey)
891                 ok = ok & xor_recreate(key2->privkey, key1->pubkey);
892             else
893                 ok = 0;
894         }
895     }
896 
897     if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)  {
898         if (key1->haspubkey) {
899             if (key2->haspubkey)
900                 ok = ok & (CRYPTO_memcmp(key1->pubkey, key2->pubkey, XOR_KEY_SIZE) == 0);
901             else
902                 ok = ok & xor_recreate(key1->pubkey, key2->privkey);
903         } else {
904             if (key2->haspubkey)
905                 ok = ok & xor_recreate(key2->pubkey, key1->privkey);
906             else
907                 ok = 0;
908         }
909     }
910 
911     return ok;
912 }
913 
xor_settable_params(void * provctx)914 static const OSSL_PARAM *xor_settable_params(void *provctx)
915 {
916     return xor_known_settable_params;
917 }
918 
919 struct xor_gen_ctx {
920     int selection;
921     OSSL_LIB_CTX *libctx;
922 };
923 
xor_gen_init(void * provctx,int selection,const OSSL_PARAM params[])924 static void *xor_gen_init(void *provctx, int selection,
925                           const OSSL_PARAM params[])
926 {
927     struct xor_gen_ctx *gctx = NULL;
928 
929     if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
930                       | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
931         return NULL;
932 
933     if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
934         gctx->selection = selection;
935 
936     gctx->libctx = PROV_XOR_LIBCTX_OF(provctx);
937 
938     if (!xor_gen_set_params(gctx, params)) {
939         OPENSSL_free(gctx);
940         return NULL;
941     }
942     return gctx;
943 }
944 
xor_gen_set_params(void * genctx,const OSSL_PARAM params[])945 static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
946 {
947     struct xor_gen_ctx *gctx = genctx;
948     const OSSL_PARAM *p;
949 
950     if (gctx == NULL)
951         return 0;
952 
953     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
954     if (p != NULL) {
955         if (p->data_type != OSSL_PARAM_UTF8_STRING
956                 || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0
957                     &&  strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0))
958             return 0;
959     }
960 
961     return 1;
962 }
963 
xor_gen_settable_params(ossl_unused void * genctx,ossl_unused void * provctx)964 static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx,
965                                                  ossl_unused void *provctx)
966 {
967     static OSSL_PARAM settable[] = {
968         OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
969         OSSL_PARAM_END
970     };
971     return settable;
972 }
973 
xor_gen(void * genctx,OSSL_CALLBACK * osslcb,void * cbarg)974 static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
975 {
976     struct xor_gen_ctx *gctx = genctx;
977     XORKEY *key = xor_newkey(NULL);
978     size_t i;
979 
980     if (key == NULL)
981         return NULL;
982 
983     if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
984         if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE, 0) <= 0) {
985             OPENSSL_free(key);
986             return NULL;
987         }
988         for (i = 0; i < XOR_KEY_SIZE; i++)
989             key->pubkey[i] = key->privkey[i] ^ private_constant[i];
990         key->hasprivkey = 1;
991         key->haspubkey = 1;
992     }
993 
994     return key;
995 }
996 
997 /* IMPORT + EXPORT */
998 
xor_import(void * vkey,int select,const OSSL_PARAM params[])999 static int xor_import(void *vkey, int select, const OSSL_PARAM params[])
1000 {
1001     XORKEY *key = vkey;
1002     const OSSL_PARAM *param_priv_key, *param_pub_key;
1003     unsigned char privkey[XOR_KEY_SIZE];
1004     unsigned char pubkey[XOR_KEY_SIZE];
1005     void *pprivkey = privkey, *ppubkey = pubkey;
1006     size_t priv_len = 0, pub_len = 0;
1007     int res = 0;
1008 
1009     if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
1010         return 0;
1011 
1012     memset(privkey, 0, sizeof(privkey));
1013     memset(pubkey, 0, sizeof(pubkey));
1014     param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
1015     param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
1016 
1017     if ((param_priv_key != NULL
1018          && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey,
1019                                          sizeof(privkey), &priv_len))
1020         || (param_pub_key != NULL
1021             && !OSSL_PARAM_get_octet_string(param_pub_key, &ppubkey,
1022                                             sizeof(pubkey), &pub_len)))
1023         goto err;
1024 
1025     if (priv_len > 0) {
1026         memcpy(key->privkey, privkey, priv_len);
1027         key->hasprivkey = 1;
1028     }
1029     if (pub_len > 0) {
1030         memcpy(key->pubkey, pubkey, pub_len);
1031         key->haspubkey = 1;
1032     }
1033     res = 1;
1034  err:
1035     return res;
1036 }
1037 
xor_export(void * vkey,int select,OSSL_CALLBACK * param_cb,void * cbarg)1038 static int xor_export(void *vkey, int select, OSSL_CALLBACK *param_cb,
1039                       void *cbarg)
1040 {
1041     XORKEY *key = vkey;
1042     OSSL_PARAM params[3], *p = params;
1043 
1044     if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
1045         return 0;
1046 
1047     *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1048                                              key->privkey,
1049                                              sizeof(key->privkey));
1050     *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1051                                              key->pubkey, sizeof(key->pubkey));
1052     *p++ = OSSL_PARAM_construct_end();
1053 
1054     return param_cb(params, cbarg);
1055 }
1056 
1057 static const OSSL_PARAM xor_key_types[] = {
1058     OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
1059     OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
1060     OSSL_PARAM_END
1061 };
1062 
xor_import_types(int select)1063 static const OSSL_PARAM *xor_import_types(int select)
1064 {
1065     return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
1066 }
1067 
xor_import_types_ex(void * provctx,int select)1068 static const OSSL_PARAM *xor_import_types_ex(void *provctx, int select)
1069 {
1070     if (provctx == NULL)
1071         return NULL;
1072 
1073     return xor_import_types(select);
1074 }
1075 
xor_export_types(int select)1076 static const OSSL_PARAM *xor_export_types(int select)
1077 {
1078     return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
1079 }
1080 
xor_export_types_ex(void * provctx,int select)1081 static const OSSL_PARAM *xor_export_types_ex(void *provctx, int select)
1082 {
1083     if (provctx == NULL)
1084         return NULL;
1085 
1086     return xor_export_types(select);
1087 }
1088 
xor_gen_cleanup(void * genctx)1089 static void xor_gen_cleanup(void *genctx)
1090 {
1091     OPENSSL_free(genctx);
1092 }
1093 
1094 static const OSSL_DISPATCH xor_keymgmt_functions[] = {
1095     { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
1096     { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
1097     { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
1098     { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
1099       (void (*)(void))xor_gen_settable_params },
1100     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
1101     { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
1102     { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
1103     { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
1104     { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
1105     { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
1106     { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
1107     { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
1108     { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
1109     { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
1110     { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
1111     { OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX, (void (*)(void))xor_import_types_ex },
1112     { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
1113     { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
1114     { OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX, (void (*)(void))xor_export_types_ex },
1115     OSSL_DISPATCH_END
1116 };
1117 
1118 /* We're reusing most XOR keymgmt functions also for signature operations: */
xor_xorhmacsig_gen(void * genctx,OSSL_CALLBACK * osslcb,void * cbarg)1119 static void *xor_xorhmacsig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
1120 {
1121     XORKEY *k = xor_gen(genctx, osslcb, cbarg);
1122 
1123     if (k == NULL)
1124         return NULL;
1125     k->tls_name = OPENSSL_strdup(XORSIGALG_NAME);
1126     if (k->tls_name == NULL) {
1127         xor_freekey(k);
1128         return NULL;
1129     }
1130     return k;
1131 }
1132 
xor_xorhmacsha2sig_gen(void * genctx,OSSL_CALLBACK * osslcb,void * cbarg)1133 static void *xor_xorhmacsha2sig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
1134 {
1135     XORKEY* k = xor_gen(genctx, osslcb, cbarg);
1136 
1137     if (k == NULL)
1138         return NULL;
1139     k->tls_name = OPENSSL_strdup(XORSIGALG_HASH_NAME);
1140     if (k->tls_name == NULL) {
1141         xor_freekey(k);
1142         return NULL;
1143     }
1144     return k;
1145 }
1146 
1147 
1148 static const OSSL_DISPATCH xor_xorhmacsig_keymgmt_functions[] = {
1149     { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
1150     { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
1151     { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
1152     { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
1153       (void (*)(void))xor_gen_settable_params },
1154     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsig_gen },
1155     { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
1156     { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
1157     { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
1158     { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
1159     { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
1160     { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
1161     { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
1162     { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
1163     { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
1164     { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
1165     { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
1166     { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
1167     { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load },
1168     { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match },
1169     OSSL_DISPATCH_END
1170 };
1171 
1172 static const OSSL_DISPATCH xor_xorhmacsha2sig_keymgmt_functions[] = {
1173     { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
1174     { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
1175     { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
1176     { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
1177       (void (*)(void))xor_gen_settable_params },
1178     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsha2sig_gen },
1179     { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
1180     { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
1181     { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
1182     { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
1183     { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
1184     { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
1185     { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
1186     { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
1187     { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
1188     { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
1189     { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
1190     { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
1191     { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load },
1192     { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match },
1193     OSSL_DISPATCH_END
1194 };
1195 
1196 typedef enum {
1197     KEY_OP_PUBLIC,
1198     KEY_OP_PRIVATE,
1199     KEY_OP_KEYGEN
1200 } xor_key_op_t;
1201 
1202 /* Re-create XORKEY from encoding(s): Same end-state as after key-gen */
xor_key_op(const X509_ALGOR * palg,const unsigned char * p,int plen,xor_key_op_t op,OSSL_LIB_CTX * libctx,const char * propq)1203 static XORKEY *xor_key_op(const X509_ALGOR *palg,
1204                           const unsigned char *p, int plen,
1205                           xor_key_op_t op,
1206                           OSSL_LIB_CTX *libctx, const char *propq)
1207 {
1208     XORKEY *key = NULL;
1209     int nid = NID_undef;
1210 
1211     if (palg != NULL) {
1212         int ptype;
1213 
1214         /* Algorithm parameters must be absent */
1215         X509_ALGOR_get0(NULL, &ptype, NULL, palg);
1216         if (ptype != V_ASN1_UNDEF || palg->algorithm == NULL) {
1217             ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
1218             return 0;
1219         }
1220         nid = OBJ_obj2nid(palg->algorithm);
1221     }
1222 
1223     if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) {
1224         ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
1225         return 0;
1226     }
1227 
1228     key = xor_newkey(NULL);
1229     if (key == NULL) {
1230         ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1231         return 0;
1232     }
1233 
1234     if (XOR_KEY_SIZE != plen) {
1235         ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
1236         goto err;
1237     }
1238 
1239     if (op == KEY_OP_PUBLIC) {
1240         memcpy(key->pubkey, p, plen);
1241         key->haspubkey = 1;
1242     } else {
1243         memcpy(key->privkey, p, plen);
1244         key->hasprivkey = 1;
1245     }
1246 
1247     key->tls_name = OPENSSL_strdup(OBJ_nid2sn(nid));
1248     if (key->tls_name == NULL)
1249         goto err;
1250     return key;
1251 
1252  err:
1253     xor_freekey(key);
1254     return NULL;
1255 }
1256 
xor_key_from_x509pubkey(const X509_PUBKEY * xpk,OSSL_LIB_CTX * libctx,const char * propq)1257 static XORKEY *xor_key_from_x509pubkey(const X509_PUBKEY *xpk,
1258                                  OSSL_LIB_CTX *libctx, const char *propq)
1259 {
1260     const unsigned char *p;
1261     int plen;
1262     X509_ALGOR *palg;
1263 
1264     if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) {
1265         return NULL;
1266     }
1267     return xor_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq);
1268 }
1269 
xor_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO * p8inf,OSSL_LIB_CTX * libctx,const char * propq)1270 static XORKEY *xor_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
1271                            OSSL_LIB_CTX *libctx, const char *propq)
1272 {
1273     XORKEY *xork = NULL;
1274     const unsigned char *p;
1275     int plen;
1276     ASN1_OCTET_STRING *oct = NULL;
1277     const X509_ALGOR *palg;
1278 
1279     if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf))
1280         return 0;
1281 
1282     oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
1283     if (oct == NULL) {
1284         p = NULL;
1285         plen = 0;
1286     } else {
1287         p = ASN1_STRING_get0_data(oct);
1288         plen = ASN1_STRING_length(oct);
1289     }
1290 
1291     xork = xor_key_op(palg, p, plen, KEY_OP_PRIVATE,
1292                       libctx, propq);
1293     ASN1_OCTET_STRING_free(oct);
1294     return xork;
1295 }
1296 
1297 static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
1298     /*
1299      * Obviously this is not FIPS approved, but in order to test in conjunction
1300      * with the FIPS provider we pretend that it is.
1301      */
1302     { "XOR", "provider=tls-provider,fips=yes",
1303              xor_keymgmt_functions },
1304     { XORSIGALG_NAME, "provider=tls-provider,fips=yes",
1305              xor_xorhmacsig_keymgmt_functions },
1306     { XORSIGALG_HASH_NAME,
1307     "provider=tls-provider,fips=yes",
1308              xor_xorhmacsha2sig_keymgmt_functions },
1309     { NULL, NULL, NULL }
1310 };
1311 
1312 struct key2any_ctx_st {
1313     PROV_XOR_CTX *provctx;
1314 
1315     /* Set to 0 if parameters should not be saved (dsa only) */
1316     int save_parameters;
1317 
1318     /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
1319     int cipher_intent;
1320 
1321     EVP_CIPHER *cipher;
1322 
1323     OSSL_PASSPHRASE_CALLBACK *pwcb;
1324     void *pwcbarg;
1325 };
1326 
1327 typedef int check_key_type_fn(const void *key, int nid);
1328 typedef int key_to_paramstring_fn(const void *key, int nid, int save,
1329                                   void **str, int *strtype);
1330 typedef int key_to_der_fn(BIO *out, const void *key,
1331                           int key_nid, const char *pemname,
1332                           key_to_paramstring_fn *p2s, i2d_of_void *k2d,
1333                           struct key2any_ctx_st *ctx);
1334 typedef int write_bio_of_void_fn(BIO *bp, const void *x);
1335 
1336 
1337 /* Free the blob allocated during key_to_paramstring_fn */
free_asn1_data(int type,void * data)1338 static void free_asn1_data(int type, void *data)
1339 {
1340     switch(type) {
1341     case V_ASN1_OBJECT:
1342         ASN1_OBJECT_free(data);
1343         break;
1344     case V_ASN1_SEQUENCE:
1345         ASN1_STRING_free(data);
1346         break;
1347     }
1348 }
1349 
key_to_p8info(const void * key,int key_nid,void * params,int params_type,i2d_of_void * k2d)1350 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
1351                                           void *params, int params_type,
1352                                           i2d_of_void *k2d)
1353 {
1354     /* der, derlen store the key DER output and its length */
1355     unsigned char *der = NULL;
1356     int derlen;
1357     /* The final PKCS#8 info */
1358     PKCS8_PRIV_KEY_INFO *p8info = NULL;
1359 
1360     if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
1361         || (derlen = k2d(key, &der)) <= 0
1362         || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
1363                             V_ASN1_UNDEF, NULL,
1364                             der, derlen)) {
1365         ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1366         PKCS8_PRIV_KEY_INFO_free(p8info);
1367         OPENSSL_free(der);
1368         p8info = NULL;
1369     }
1370 
1371     return p8info;
1372 }
1373 
p8info_to_encp8(PKCS8_PRIV_KEY_INFO * p8info,struct key2any_ctx_st * ctx)1374 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
1375                                  struct key2any_ctx_st *ctx)
1376 {
1377     X509_SIG *p8 = NULL;
1378     char kstr[PEM_BUFSIZE];
1379     size_t klen = 0;
1380     OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx);
1381 
1382     if (ctx->cipher == NULL || ctx->pwcb == NULL)
1383         return NULL;
1384 
1385     if (!ctx->pwcb(kstr, PEM_BUFSIZE, &klen, NULL, ctx->pwcbarg)) {
1386         ERR_raise(ERR_LIB_USER, PROV_R_UNABLE_TO_GET_PASSPHRASE);
1387         return NULL;
1388     }
1389     /* First argument == -1 means "standard" */
1390     p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
1391     OPENSSL_cleanse(kstr, klen);
1392     return p8;
1393 }
1394 
key_to_encp8(const void * key,int key_nid,void * params,int params_type,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1395 static X509_SIG *key_to_encp8(const void *key, int key_nid,
1396                               void *params, int params_type,
1397                               i2d_of_void *k2d, struct key2any_ctx_st *ctx)
1398 {
1399     PKCS8_PRIV_KEY_INFO *p8info =
1400         key_to_p8info(key, key_nid, params, params_type, k2d);
1401     X509_SIG *p8 = NULL;
1402 
1403     if (p8info == NULL) {
1404         free_asn1_data(params_type, params);
1405     } else {
1406         p8 = p8info_to_encp8(p8info, ctx);
1407         PKCS8_PRIV_KEY_INFO_free(p8info);
1408     }
1409     return p8;
1410 }
1411 
xorx_key_to_pubkey(const void * key,int key_nid,void * params,int params_type,i2d_of_void k2d)1412 static X509_PUBKEY *xorx_key_to_pubkey(const void *key, int key_nid,
1413                                   void *params, int params_type,
1414                                   i2d_of_void k2d)
1415 {
1416     /* der, derlen store the key DER output and its length */
1417     unsigned char *der = NULL;
1418     int derlen;
1419     /* The final X509_PUBKEY */
1420     X509_PUBKEY *xpk = NULL;
1421 
1422     if ((xpk = X509_PUBKEY_new()) == NULL
1423         || (derlen = k2d(key, &der)) <= 0
1424         || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
1425                         V_ASN1_UNDEF, NULL,
1426                         der, derlen)) {
1427         ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1428         X509_PUBKEY_free(xpk);
1429         OPENSSL_free(der);
1430         xpk = NULL;
1431     }
1432 
1433     return xpk;
1434 }
1435 
1436 /*
1437  * key_to_epki_* produce encoded output with the private key data in a
1438  * EncryptedPrivateKeyInfo structure (defined by PKCS#8).  They require
1439  * that there's an intent to encrypt, anything else is an error.
1440  *
1441  * key_to_pki_* primarily produce encoded output with the private key data
1442  * in a PrivateKeyInfo structure (also defined by PKCS#8).  However, if
1443  * there is an intent to encrypt the data, the corresponding key_to_epki_*
1444  * function is used instead.
1445  *
1446  * key_to_spki_* produce encoded output with the public key data in an
1447  * X.509 SubjectPublicKeyInfo.
1448  *
1449  * Key parameters don't have any defined envelopment of this kind, but are
1450  * included in some manner in the output from the functions described above,
1451  * either in the AlgorithmIdentifier's parameter field, or as part of the
1452  * key data itself.
1453  */
1454 
key_to_epki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1455 static int key_to_epki_der_priv_bio(BIO *out, const void *key,
1456                                     int key_nid,
1457                                     ossl_unused const char *pemname,
1458                                     key_to_paramstring_fn *p2s,
1459                                     i2d_of_void *k2d,
1460                                     struct key2any_ctx_st *ctx)
1461 {
1462     int ret = 0;
1463     void *str = NULL;
1464     int strtype = V_ASN1_UNDEF;
1465     X509_SIG *p8;
1466 
1467     if (!ctx->cipher_intent)
1468         return 0;
1469 
1470     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1471                             &str, &strtype))
1472         return 0;
1473 
1474     p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
1475     if (p8 != NULL)
1476         ret = i2d_PKCS8_bio(out, p8);
1477 
1478     X509_SIG_free(p8);
1479 
1480     return ret;
1481 }
1482 
key_to_epki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1483 static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
1484                                     int key_nid,
1485                                     ossl_unused const char *pemname,
1486                                     key_to_paramstring_fn *p2s,
1487                                     i2d_of_void *k2d,
1488                                     struct key2any_ctx_st *ctx)
1489 {
1490     int ret = 0;
1491     void *str = NULL;
1492     int strtype = V_ASN1_UNDEF;
1493     X509_SIG *p8;
1494 
1495     if (!ctx->cipher_intent)
1496         return 0;
1497 
1498     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1499                             &str, &strtype))
1500         return 0;
1501 
1502     p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
1503     if (p8 != NULL)
1504         ret = PEM_write_bio_PKCS8(out, p8);
1505 
1506     X509_SIG_free(p8);
1507 
1508     return ret;
1509 }
1510 
key_to_pki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1511 static int key_to_pki_der_priv_bio(BIO *out, const void *key,
1512                                    int key_nid,
1513                                    ossl_unused const char *pemname,
1514                                    key_to_paramstring_fn *p2s,
1515                                    i2d_of_void *k2d,
1516                                    struct key2any_ctx_st *ctx)
1517 {
1518     int ret = 0;
1519     void *str = NULL;
1520     int strtype = V_ASN1_UNDEF;
1521     PKCS8_PRIV_KEY_INFO *p8info;
1522 
1523     if (ctx->cipher_intent)
1524         return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
1525                                         p2s, k2d, ctx);
1526 
1527     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1528                             &str, &strtype))
1529         return 0;
1530 
1531     p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
1532 
1533     if (p8info != NULL)
1534         ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
1535     else
1536         free_asn1_data(strtype, str);
1537 
1538     PKCS8_PRIV_KEY_INFO_free(p8info);
1539 
1540     return ret;
1541 }
1542 
key_to_pki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1543 static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
1544                                    int key_nid,
1545                                    ossl_unused const char *pemname,
1546                                    key_to_paramstring_fn *p2s,
1547                                    i2d_of_void *k2d,
1548                                    struct key2any_ctx_st *ctx)
1549 {
1550     int ret = 0;
1551     void *str = NULL;
1552     int strtype = V_ASN1_UNDEF;
1553     PKCS8_PRIV_KEY_INFO *p8info;
1554 
1555     if (ctx->cipher_intent)
1556         return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
1557                                         p2s, k2d, ctx);
1558 
1559     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1560                             &str, &strtype))
1561         return 0;
1562 
1563     p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
1564 
1565     if (p8info != NULL)
1566         ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
1567     else
1568         free_asn1_data(strtype, str);
1569 
1570     PKCS8_PRIV_KEY_INFO_free(p8info);
1571 
1572     return ret;
1573 }
1574 
key_to_spki_der_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1575 static int key_to_spki_der_pub_bio(BIO *out, const void *key,
1576                                    int key_nid,
1577                                    ossl_unused const char *pemname,
1578                                    key_to_paramstring_fn *p2s,
1579                                    i2d_of_void *k2d,
1580                                    struct key2any_ctx_st *ctx)
1581 {
1582     int ret = 0;
1583     X509_PUBKEY *xpk = NULL;
1584     void *str = NULL;
1585     int strtype = V_ASN1_UNDEF;
1586 
1587     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1588                             &str, &strtype))
1589         return 0;
1590 
1591     xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d);
1592 
1593     if (xpk != NULL)
1594         ret = i2d_X509_PUBKEY_bio(out, xpk);
1595 
1596     X509_PUBKEY_free(xpk);
1597     return ret;
1598 }
1599 
key_to_spki_pem_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)1600 static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
1601                                    int key_nid,
1602                                    ossl_unused const char *pemname,
1603                                    key_to_paramstring_fn *p2s,
1604                                    i2d_of_void *k2d,
1605                                    struct key2any_ctx_st *ctx)
1606 {
1607     int ret = 0;
1608     X509_PUBKEY *xpk = NULL;
1609     void *str = NULL;
1610     int strtype = V_ASN1_UNDEF;
1611 
1612     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1613                             &str, &strtype))
1614         return 0;
1615 
1616     xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d);
1617 
1618     if (xpk != NULL)
1619         ret = PEM_write_bio_X509_PUBKEY(out, xpk);
1620     else
1621         free_asn1_data(strtype, str);
1622 
1623     /* Also frees |str| */
1624     X509_PUBKEY_free(xpk);
1625     return ret;
1626 }
1627 
1628 /* ---------------------------------------------------------------------- */
1629 
prepare_xorx_params(const void * xorxkey,int nid,int save,void ** pstr,int * pstrtype)1630 static int prepare_xorx_params(const void *xorxkey, int nid, int save,
1631                              void **pstr, int *pstrtype)
1632 {
1633     ASN1_OBJECT *params = NULL;
1634     XORKEY *k = (XORKEY*)xorxkey;
1635 
1636     if (k->tls_name && OBJ_sn2nid(k->tls_name) != nid) {
1637         ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY);
1638         return 0;
1639     }
1640 
1641     if (nid == NID_undef) {
1642         ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID);
1643         return 0;
1644     }
1645 
1646     params = OBJ_nid2obj(nid);
1647 
1648     if (params == NULL || OBJ_length(params) == 0) {
1649         /* unexpected error */
1650         ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID);
1651         ASN1_OBJECT_free(params);
1652         return 0;
1653     }
1654     *pstr = params;
1655     *pstrtype = V_ASN1_OBJECT;
1656     return 1;
1657 }
1658 
xorx_spki_pub_to_der(const void * vecxkey,unsigned char ** pder)1659 static int xorx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
1660 {
1661     const XORKEY *xorxkey = vecxkey;
1662     unsigned char *keyblob;
1663     int retlen;
1664 
1665     if (xorxkey == NULL) {
1666         ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
1667         return 0;
1668     }
1669 
1670     keyblob = OPENSSL_memdup(xorxkey->pubkey, retlen = XOR_KEY_SIZE);
1671     if (keyblob == NULL) {
1672         ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1673         return 0;
1674     }
1675 
1676     *pder = keyblob;
1677     return retlen;
1678 }
1679 
xorx_pki_priv_to_der(const void * vecxkey,unsigned char ** pder)1680 static int xorx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
1681 {
1682     XORKEY *xorxkey = (XORKEY *)vecxkey;
1683     unsigned char* buf = NULL;
1684     ASN1_OCTET_STRING oct;
1685     int keybloblen;
1686 
1687     if (xorxkey == NULL) {
1688         ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
1689         return 0;
1690     }
1691 
1692     buf = OPENSSL_secure_malloc(XOR_KEY_SIZE);
1693     memcpy(buf, xorxkey->privkey, XOR_KEY_SIZE);
1694 
1695     oct.data = buf;
1696     oct.length = XOR_KEY_SIZE;
1697     oct.flags = 0;
1698 
1699     keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
1700     if (keybloblen < 0) {
1701         ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1702         keybloblen = 0;
1703     }
1704 
1705     OPENSSL_secure_clear_free(buf, XOR_KEY_SIZE);
1706     return keybloblen;
1707 }
1708 
1709 # define xorx_epki_priv_to_der xorx_pki_priv_to_der
1710 
1711 /*
1712  * XORX only has PKCS#8 / SubjectPublicKeyInfo
1713  * representation, so we don't define xorx_type_specific_[priv,pub,params]_to_der.
1714  */
1715 
1716 # define xorx_check_key_type            NULL
1717 
1718 # define xorhmacsig_evp_type            0
1719 # define xorhmacsig_input_type          XORSIGALG_NAME
1720 # define xorhmacsig_pem_type            XORSIGALG_NAME
1721 # define xorhmacsha2sig_evp_type        0
1722 # define xorhmacsha2sig_input_type      XORSIGALG_HASH_NAME
1723 # define xorhmacsha2sig_pem_type        XORSIGALG_HASH_NAME
1724 
1725 /* ---------------------------------------------------------------------- */
1726 
1727 static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
1728 static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
1729 
key2any_newctx(void * provctx)1730 static void *key2any_newctx(void *provctx)
1731 {
1732     struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
1733 
1734     if (ctx != NULL) {
1735         ctx->provctx = provctx;
1736         ctx->save_parameters = 1;
1737     }
1738 
1739     return ctx;
1740 }
1741 
key2any_freectx(void * vctx)1742 static void key2any_freectx(void *vctx)
1743 {
1744     struct key2any_ctx_st *ctx = vctx;
1745 
1746     EVP_CIPHER_free(ctx->cipher);
1747     OPENSSL_free(ctx);
1748 }
1749 
key2any_settable_ctx_params(ossl_unused void * provctx)1750 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
1751 {
1752     static const OSSL_PARAM settables[] = {
1753         OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
1754         OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
1755         OSSL_PARAM_END,
1756     };
1757 
1758     return settables;
1759 }
1760 
key2any_set_ctx_params(void * vctx,const OSSL_PARAM params[])1761 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
1762 {
1763     struct key2any_ctx_st *ctx = vctx;
1764     OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx);
1765     const OSSL_PARAM *cipherp =
1766         OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
1767     const OSSL_PARAM *propsp =
1768         OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
1769     const OSSL_PARAM *save_paramsp =
1770         OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
1771 
1772     if (cipherp != NULL) {
1773         const char *ciphername = NULL;
1774         const char *props = NULL;
1775 
1776         if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
1777             return 0;
1778         if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
1779             return 0;
1780 
1781         EVP_CIPHER_free(ctx->cipher);
1782         ctx->cipher = NULL;
1783         ctx->cipher_intent = ciphername != NULL;
1784         if (ciphername != NULL
1785             && ((ctx->cipher =
1786                  EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) {
1787             return 0;
1788         }
1789     }
1790 
1791     if (save_paramsp != NULL) {
1792         if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) {
1793             return 0;
1794         }
1795     }
1796     return 1;
1797 }
1798 
key2any_check_selection(int selection,int selection_mask)1799 static int key2any_check_selection(int selection, int selection_mask)
1800 {
1801     /*
1802      * The selections are kinda sorta "levels", i.e. each selection given
1803      * here is assumed to include those following.
1804      */
1805     int checks[] = {
1806         OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
1807         OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
1808         OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1809     };
1810     size_t i;
1811 
1812     /* The decoder implementations made here support guessing */
1813     if (selection == 0)
1814         return 1;
1815 
1816     for (i = 0; i < OSSL_NELEM(checks); i++) {
1817         int check1 = (selection & checks[i]) != 0;
1818         int check2 = (selection_mask & checks[i]) != 0;
1819 
1820         /*
1821          * If the caller asked for the currently checked bit(s), return
1822          * whether the decoder description says it's supported.
1823          */
1824         if (check1)
1825             return check2;
1826     }
1827 
1828     /* This should be dead code, but just to be safe... */
1829     return 0;
1830 }
1831 
key2any_encode(struct key2any_ctx_st * ctx,OSSL_CORE_BIO * cout,const void * key,const char * typestr,const char * pemname,key_to_der_fn * writer,OSSL_PASSPHRASE_CALLBACK * pwcb,void * pwcbarg,key_to_paramstring_fn * key2paramstring,i2d_of_void * key2der)1832 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
1833                           const void *key, const char* typestr, const char *pemname,
1834                           key_to_der_fn *writer,
1835                           OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
1836                           key_to_paramstring_fn *key2paramstring,
1837                           i2d_of_void *key2der)
1838 {
1839     int ret = 0;
1840     int type = OBJ_sn2nid(typestr);
1841 
1842     if (key == NULL || type <= 0) {
1843         ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
1844     } else if (writer != NULL) {
1845         BIO *out = BIO_new_from_core_bio(ctx->provctx->libctx, cout);
1846 
1847         if (out != NULL) {
1848             ctx->pwcb = pwcb;
1849             ctx->pwcbarg = pwcbarg;
1850 
1851             ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx);
1852         }
1853 
1854         BIO_free(out);
1855     } else {
1856         ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT);
1857     }
1858     return ret;
1859 }
1860 
1861 #define DO_ENC_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
1862 #define DO_ENC_PRIVATE_KEY(impl, type, kind, output)                            \
1863     if ((selection & DO_ENC_PRIVATE_KEY_selection_mask) != 0)                   \
1864         return key2any_encode(ctx, cout, key, impl##_pem_type,              \
1865                               impl##_pem_type " PRIVATE KEY",               \
1866                               key_to_##kind##_##output##_priv_bio,          \
1867                               cb, cbarg, prepare_##type##_params,           \
1868                               type##_##kind##_priv_to_der);
1869 
1870 #define DO_ENC_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
1871 #define DO_ENC_PUBLIC_KEY(impl, type, kind, output)                             \
1872     if ((selection & DO_ENC_PUBLIC_KEY_selection_mask) != 0)                    \
1873         return key2any_encode(ctx, cout, key, impl##_pem_type,              \
1874                               impl##_pem_type " PUBLIC KEY",                \
1875                               key_to_##kind##_##output##_pub_bio,           \
1876                               cb, cbarg, prepare_##type##_params,           \
1877                               type##_##kind##_pub_to_der);
1878 
1879 #define DO_ENC_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1880 #define DO_ENC_PARAMETERS(impl, type, kind, output)                             \
1881     if ((selection & DO_ENC_PARAMETERS_selection_mask) != 0)                    \
1882         return key2any_encode(ctx, cout, key, impl##_pem_type,              \
1883                               impl##_pem_type " PARAMETERS",                \
1884                               key_to_##kind##_##output##_param_bio,         \
1885                               NULL, NULL, NULL,                             \
1886                               type##_##kind##_params_to_der);
1887 
1888 /*-
1889  * Implement the kinds of output structure that can be produced.  They are
1890  * referred to by name, and for each name, the following macros are defined
1891  * (braces not included):
1892  *
1893  * DO_{kind}_selection_mask
1894  *
1895  *      A mask of selection bits that must not be zero.  This is used as a
1896  *      selection criterion for each implementation.
1897  *      This mask must never be zero.
1898  *
1899  * DO_{kind}
1900  *
1901  *      The performing macro.  It must use the DO_ macros defined above,
1902  *      always in this order:
1903  *
1904  *      - DO_PRIVATE_KEY
1905  *      - DO_PUBLIC_KEY
1906  *      - DO_PARAMETERS
1907  *
1908  *      Any of those may be omitted, but the relative order must still be
1909  *      the same.
1910  */
1911 
1912 /*
1913  * PKCS#8 defines two structures for private keys only:
1914  * - PrivateKeyInfo             (raw unencrypted form)
1915  * - EncryptedPrivateKeyInfo    (encrypted wrapping)
1916  *
1917  * To allow a certain amount of flexibility, we allow the routines
1918  * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
1919  * passphrase callback has been passed to them.
1920  */
1921 #define DO_ENC_PrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask
1922 #define DO_ENC_PrivateKeyInfo(impl, type, output)                               \
1923     DO_ENC_PRIVATE_KEY(impl, type, pki, output)
1924 
1925 #define DO_ENC_EncryptedPrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask
1926 #define DO_ENC_EncryptedPrivateKeyInfo(impl, type, output)                      \
1927     DO_ENC_PRIVATE_KEY(impl, type, epki, output)
1928 
1929 /* SubjectPublicKeyInfo is a structure for public keys only */
1930 #define DO_ENC_SubjectPublicKeyInfo_selection_mask DO_ENC_PUBLIC_KEY_selection_mask
1931 #define DO_ENC_SubjectPublicKeyInfo(impl, type, output)                         \
1932     DO_ENC_PUBLIC_KEY(impl, type, spki, output)
1933 
1934 /*
1935  * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
1936  * It takes the following arguments:
1937  *
1938  * impl         This is the key type name that's being implemented.
1939  * type         This is the type name for the set of functions that implement
1940  *              the key type.  For example, ed25519, ed448, x25519 and x448
1941  *              are all implemented with the exact same set of functions.
1942  * kind         What kind of support to implement.  These translate into
1943  *              the DO_##kind macros above.
1944  * output       The output type to implement.  may be der or pem.
1945  *
1946  * The resulting OSSL_DISPATCH array gets the following name (expressed in
1947  * C preprocessor terms) from those arguments:
1948  *
1949  * xor_##impl##_to_##kind##_##output##_encoder_functions
1950  */
1951 #define MAKE_ENCODER(impl, type, kind, output)                              \
1952     static OSSL_FUNC_encoder_import_object_fn                               \
1953     impl##_to_##kind##_##output##_import_object;                            \
1954     static OSSL_FUNC_encoder_free_object_fn                                 \
1955     impl##_to_##kind##_##output##_free_object;                              \
1956     static OSSL_FUNC_encoder_encode_fn                                      \
1957     impl##_to_##kind##_##output##_encode;                                   \
1958                                                                             \
1959     static void *                                                           \
1960     impl##_to_##kind##_##output##_import_object(void *vctx, int selection,  \
1961                                                 const OSSL_PARAM params[])  \
1962     {                                                                       \
1963         struct key2any_ctx_st *ctx = vctx;                                  \
1964                                                                             \
1965         return xor_prov_import_key(xor_##impl##_keymgmt_functions,          \
1966                                     ctx->provctx, selection, params);       \
1967     }                                                                       \
1968     static void impl##_to_##kind##_##output##_free_object(void *key)        \
1969     {                                                                       \
1970         xor_prov_free_key(xor_##impl##_keymgmt_functions, key);             \
1971     }                                                                       \
1972     static int impl##_to_##kind##_##output##_does_selection(void *ctx,      \
1973                                                             int selection)  \
1974     {                                                                       \
1975         return key2any_check_selection(selection,                           \
1976                                        DO_ENC_##kind##_selection_mask);     \
1977     }                                                                       \
1978     static int                                                              \
1979     impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout,    \
1980                                          const void *key,                   \
1981                                          const OSSL_PARAM key_abstract[],   \
1982                                          int selection,                     \
1983                                          OSSL_PASSPHRASE_CALLBACK *cb,      \
1984                                          void *cbarg)                       \
1985     {                                                                       \
1986         /* We don't deal with abstract objects */                           \
1987         if (key_abstract != NULL) {                                         \
1988             ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT);         \
1989             return 0;                                                       \
1990         }                                                                   \
1991         DO_ENC_##kind(impl, type, output)                                   \
1992                                                                             \
1993         ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT);             \
1994         return 0;                                                           \
1995     }                                                                       \
1996     static const OSSL_DISPATCH                                              \
1997     xor_##impl##_to_##kind##_##output##_encoder_functions[] = {             \
1998         { OSSL_FUNC_ENCODER_NEWCTX,                                         \
1999           (void (*)(void))key2any_newctx },                                 \
2000         { OSSL_FUNC_ENCODER_FREECTX,                                        \
2001           (void (*)(void))key2any_freectx },                                \
2002         { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS,                            \
2003           (void (*)(void))key2any_settable_ctx_params },                    \
2004         { OSSL_FUNC_ENCODER_SET_CTX_PARAMS,                                 \
2005           (void (*)(void))key2any_set_ctx_params },                         \
2006         { OSSL_FUNC_ENCODER_DOES_SELECTION,                                 \
2007           (void (*)(void))impl##_to_##kind##_##output##_does_selection },   \
2008         { OSSL_FUNC_ENCODER_IMPORT_OBJECT,                                  \
2009           (void (*)(void))impl##_to_##kind##_##output##_import_object },    \
2010         { OSSL_FUNC_ENCODER_FREE_OBJECT,                                    \
2011           (void (*)(void))impl##_to_##kind##_##output##_free_object },      \
2012         { OSSL_FUNC_ENCODER_ENCODE,                                         \
2013           (void (*)(void))impl##_to_##kind##_##output##_encode },           \
2014         OSSL_DISPATCH_END                                                   \
2015     }
2016 
2017 /*
2018  * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
2019  * i2d_{TYPE}params, as they exist.
2020  */
2021 
2022 /*
2023  * PKCS#8 and SubjectPublicKeyInfo support.  This may duplicate some of the
2024  * implementations specified above, but are more specific.
2025  * The SubjectPublicKeyInfo implementations also replace the
2026  * PEM_write_bio_{TYPE}_PUBKEY functions.
2027  * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
2028  * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
2029  */
2030 
2031 MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, der);
2032 MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, pem);
2033 MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, der);
2034 MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, pem);
2035 MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, der);
2036 MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, pem);
2037 MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, der);
2038 MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, pem);
2039 MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, der);
2040 MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, pem);
2041 MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, der);
2042 MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, pem);
2043 
2044 static const OSSL_ALGORITHM tls_prov_encoder[] = {
2045 #define ENCODER_PROVIDER "tls-provider"
2046 #ifndef ENCODER_PROVIDER
2047 # error Macro ENCODER_PROVIDER undefined
2048 #endif
2049 
2050 #define ENCODER_STRUCTURE_PKCS8                         "pkcs8"
2051 #define ENCODER_STRUCTURE_SubjectPublicKeyInfo          "SubjectPublicKeyInfo"
2052 #define ENCODER_STRUCTURE_PrivateKeyInfo                "PrivateKeyInfo"
2053 #define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo       "EncryptedPrivateKeyInfo"
2054 #define ENCODER_STRUCTURE_PKCS1                         "pkcs1"
2055 #define ENCODER_STRUCTURE_PKCS3                         "pkcs3"
2056 
2057 /* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
2058 /*
2059  * Obviously this is not FIPS approved, but in order to test in conjunction
2060  * with the FIPS provider we pretend that it is.
2061  */
2062 #define ENCODER_TEXT(_name, _sym)                                \
2063     { _name,                                                            \
2064       "provider=" ENCODER_PROVIDER ",fips=yes,output=text",      \
2065       (xor_##_sym##_to_text_encoder_functions) }
2066 #define ENCODER(_name, _sym, _fips, _output)                            \
2067     { _name,                                                            \
2068       "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output, \
2069       (xor_##_sym##_to_##_output##_encoder_functions) }
2070 
2071 #define ENCODER_w_structure(_name, _sym, _output, _structure)    \
2072     { _name,                                                            \
2073       "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output  \
2074       ",structure=" ENCODER_STRUCTURE_##_structure,                     \
2075       (xor_##_sym##_to_##_structure##_##_output##_encoder_functions) }
2076 
2077 /*
2078  * Entries for human text "encoders"
2079  */
2080 
2081 /*
2082  * Entries for PKCS#8 and SubjectPublicKeyInfo.
2083  * The "der" ones are added convenience for any user that wants to use
2084  * OSSL_ENCODER directly.
2085  * The "pem" ones also support PEM_write_bio_PrivateKey() and
2086  * PEM_write_bio_PUBKEY().
2087  */
2088 
2089 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, PrivateKeyInfo),
2090 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, PrivateKeyInfo),
2091 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, EncryptedPrivateKeyInfo),
2092 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, EncryptedPrivateKeyInfo),
2093 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, SubjectPublicKeyInfo),
2094 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, SubjectPublicKeyInfo),
2095 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2096                     der, PrivateKeyInfo),
2097 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2098                     pem, PrivateKeyInfo),
2099 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2100                     der, EncryptedPrivateKeyInfo),
2101 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2102                     pem, EncryptedPrivateKeyInfo),
2103 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2104                     der, SubjectPublicKeyInfo),
2105 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2106                     pem, SubjectPublicKeyInfo),
2107 #undef ENCODER_PROVIDER
2108     { NULL, NULL, NULL }
2109 };
2110 
2111 struct der2key_ctx_st;           /* Forward declaration */
2112 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
2113 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
2114 typedef void free_key_fn(void *);
2115 typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
2116                            struct der2key_ctx_st *);
2117 struct keytype_desc_st {
2118     const char *keytype_name;
2119     const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
2120 
2121     /* The input structure name */
2122     const char *structure_name;
2123 
2124     /*
2125      * The EVP_PKEY_xxx type macro.  Should be zero for type specific
2126      * structures, non-zero when the outermost structure is PKCS#8 or
2127      * SubjectPublicKeyInfo.  This determines which of the function
2128      * pointers below will be used.
2129      */
2130     int evp_type;
2131 
2132     /* The selection mask for OSSL_FUNC_decoder_does_selection() */
2133     int selection_mask;
2134 
2135     /* For type specific decoders, we use the corresponding d2i */
2136     d2i_of_void *d2i_private_key; /* From type-specific DER */
2137     d2i_of_void *d2i_public_key;  /* From type-specific DER */
2138     d2i_of_void *d2i_key_params;  /* From type-specific DER */
2139     d2i_PKCS8_fn *d2i_PKCS8;      /* Wrapped in a PrivateKeyInfo */
2140     d2i_of_void *d2i_PUBKEY;      /* Wrapped in a SubjectPublicKeyInfo */
2141 
2142     /*
2143      * For any key, we may need to check that the key meets expectations.
2144      * This is useful when the same functions can decode several variants
2145      * of a key.
2146      */
2147     check_key_fn *check_key;
2148 
2149     /*
2150      * For any key, we may need to make provider specific adjustments, such
2151      * as ensure the key carries the correct library context.
2152      */
2153     adjust_key_fn *adjust_key;
2154     /* {type}_free() */
2155     free_key_fn *free_key;
2156 };
2157 
2158 /*
2159  * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL
2160  * as per https://github.com/openssl/openssl/issues/16697 (TBD)
2161  * Code from openssl/crypto/x509/x_pubkey.c as
2162  * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public
2163  */
2164 struct X509_pubkey_st {
2165     X509_ALGOR *algor;
2166     ASN1_BIT_STRING *public_key;
2167 
2168     EVP_PKEY *pkey;
2169 
2170     /* extra data for the callback, used by d2i_PUBKEY_ex */
2171     OSSL_LIB_CTX *libctx;
2172     char *propq;
2173 };
2174 
2175 ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
2176         ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
2177         ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
2178 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
2179 
2180 static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
2181                                            long len, OSSL_LIB_CTX *libctx)
2182 {
2183     X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
2184 
2185     if (xpub == NULL)
2186         return NULL;
2187     return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len,
2188                                            ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
2189                                            libctx, NULL);
2190 }
2191 /* end steal https://github.com/openssl/openssl/issues/16697 */
2192 
2193 /*
2194  * Context used for DER to key decoding.
2195  */
2196 struct der2key_ctx_st {
2197     PROV_XOR_CTX *provctx;
2198     struct keytype_desc_st *desc;
2199     /* The selection that is passed to xor_der2key_decode() */
2200     int selection;
2201     /* Flag used to signal that a failure is fatal */
2202     unsigned int flag_fatal : 1;
2203 };
2204 
xor_read_der(PROV_XOR_CTX * provctx,OSSL_CORE_BIO * cin,unsigned char ** data,long * len)2205 static int xor_read_der(PROV_XOR_CTX *provctx, OSSL_CORE_BIO *cin,
2206                         unsigned char **data, long *len)
2207 {
2208     BUF_MEM *mem = NULL;
2209     BIO *in = BIO_new_from_core_bio(provctx->libctx, cin);
2210     int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
2211 
2212     if (ok) {
2213         *data = (unsigned char *)mem->data;
2214         *len = (long)mem->length;
2215         OPENSSL_free(mem);
2216     }
2217     BIO_free(in);
2218     return ok;
2219 }
2220 
2221 typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
2222                                OSSL_LIB_CTX *libctx, const char *propq);
xor_der2key_decode_p8(const unsigned char ** input_der,long input_der_len,struct der2key_ctx_st * ctx,key_from_pkcs8_t * key_from_pkcs8)2223 static void *xor_der2key_decode_p8(const unsigned char **input_der,
2224                                long input_der_len, struct der2key_ctx_st *ctx,
2225                                key_from_pkcs8_t *key_from_pkcs8)
2226 {
2227     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2228     const X509_ALGOR *alg = NULL;
2229     void *key = NULL;
2230 
2231     if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
2232         && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
2233         && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
2234         key = key_from_pkcs8(p8inf, PROV_XOR_LIBCTX_OF(ctx->provctx), NULL);
2235     PKCS8_PRIV_KEY_INFO_free(p8inf);
2236 
2237     return key;
2238 }
2239 
xor_d2i_PUBKEY(XORKEY ** a,const unsigned char ** pp,long length)2240 static XORKEY *xor_d2i_PUBKEY(XORKEY **a,
2241                                const unsigned char **pp, long length)
2242 {
2243     XORKEY *key = NULL;
2244     X509_PUBKEY *xpk;
2245 
2246     xpk = xorx_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL);
2247 
2248     key = xor_key_from_x509pubkey(xpk, NULL, NULL);
2249 
2250     if (key == NULL)
2251         goto err_exit;
2252 
2253     if (a != NULL) {
2254         xor_freekey(*a);
2255         *a = key;
2256     }
2257 
2258     err_exit:
2259     X509_PUBKEY_free(xpk);
2260     return key;
2261 }
2262 
2263 
2264 /* ---------------------------------------------------------------------- */
2265 
2266 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
2267 static OSSL_FUNC_decoder_decode_fn xor_der2key_decode;
2268 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
2269 
2270 static struct der2key_ctx_st *
der2key_newctx(void * provctx,struct keytype_desc_st * desc,const char * tls_name)2271 der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char* tls_name)
2272 {
2273     struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
2274 
2275     if (ctx != NULL) {
2276         ctx->provctx = provctx;
2277         ctx->desc = desc;
2278         if (desc->evp_type == 0) {
2279            ctx->desc->evp_type = OBJ_sn2nid(tls_name);
2280         }
2281     }
2282     return ctx;
2283 }
2284 
der2key_freectx(void * vctx)2285 static void der2key_freectx(void *vctx)
2286 {
2287     struct der2key_ctx_st *ctx = vctx;
2288 
2289     OPENSSL_free(ctx);
2290 }
2291 
der2key_check_selection(int selection,const struct keytype_desc_st * desc)2292 static int der2key_check_selection(int selection,
2293                                    const struct keytype_desc_st *desc)
2294 {
2295     /*
2296      * The selections are kinda sorta "levels", i.e. each selection given
2297      * here is assumed to include those following.
2298      */
2299     int checks[] = {
2300         OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
2301         OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
2302         OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
2303     };
2304     size_t i;
2305 
2306     /* The decoder implementations made here support guessing */
2307     if (selection == 0)
2308         return 1;
2309 
2310     for (i = 0; i < OSSL_NELEM(checks); i++) {
2311         int check1 = (selection & checks[i]) != 0;
2312         int check2 = (desc->selection_mask & checks[i]) != 0;
2313 
2314         /*
2315          * If the caller asked for the currently checked bit(s), return
2316          * whether the decoder description says it's supported.
2317          */
2318         if (check1)
2319             return check2;
2320     }
2321 
2322     /* This should be dead code, but just to be safe... */
2323     return 0;
2324 }
2325 
xor_der2key_decode(void * vctx,OSSL_CORE_BIO * cin,int selection,OSSL_CALLBACK * data_cb,void * data_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)2326 static int xor_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
2327                           OSSL_CALLBACK *data_cb, void *data_cbarg,
2328                           OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
2329 {
2330     struct der2key_ctx_st *ctx = vctx;
2331     unsigned char *der = NULL;
2332     const unsigned char *derp;
2333     long der_len = 0;
2334     void *key = NULL;
2335     int ok = 0;
2336 
2337     ctx->selection = selection;
2338     /*
2339      * The caller is allowed to specify 0 as a selection mark, to have the
2340      * structure and key type guessed.  For type-specific structures, this
2341      * is not recommended, as some structures are very similar.
2342      * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
2343      * signifies a private key structure, where everything else is assumed
2344      * to be present as well.
2345      */
2346     if (selection == 0)
2347         selection = ctx->desc->selection_mask;
2348     if ((selection & ctx->desc->selection_mask) == 0) {
2349         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
2350         return 0;
2351     }
2352 
2353     ok = xor_read_der(ctx->provctx, cin, &der, &der_len);
2354     if (!ok)
2355         goto next;
2356 
2357     ok = 0;                      /* Assume that we fail */
2358 
2359     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
2360         derp = der;
2361         if (ctx->desc->d2i_PKCS8 != NULL) {
2362             key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
2363             if (ctx->flag_fatal)
2364                 goto end;
2365         } else if (ctx->desc->d2i_private_key != NULL) {
2366             key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
2367         }
2368         if (key == NULL && ctx->selection != 0)
2369             goto next;
2370     }
2371     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
2372         derp = der;
2373         if (ctx->desc->d2i_PUBKEY != NULL)
2374             key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
2375         else
2376             key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
2377         if (key == NULL && ctx->selection != 0)
2378             goto next;
2379     }
2380     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
2381         derp = der;
2382         if (ctx->desc->d2i_key_params != NULL)
2383             key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
2384         if (key == NULL && ctx->selection != 0)
2385             goto next;
2386     }
2387 
2388     /*
2389      * Last minute check to see if this was the correct type of key.  This
2390      * should never lead to a fatal error, i.e. the decoding itself was
2391      * correct, it was just an unexpected key type.  This is generally for
2392      * classes of key types that have subtle variants, like RSA-PSS keys as
2393      * opposed to plain RSA keys.
2394      */
2395     if (key != NULL
2396         && ctx->desc->check_key != NULL
2397         && !ctx->desc->check_key(key, ctx)) {
2398         ctx->desc->free_key(key);
2399         key = NULL;
2400     }
2401 
2402     if (key != NULL && ctx->desc->adjust_key != NULL)
2403         ctx->desc->adjust_key(key, ctx);
2404 
2405  next:
2406     /*
2407      * Indicated that we successfully decoded something, or not at all.
2408      * Ending up "empty handed" is not an error.
2409      */
2410     ok = 1;
2411 
2412     /*
2413      * We free memory here so it's not held up during the callback, because
2414      * we know the process is recursive and the allocated chunks of memory
2415      * add up.
2416      */
2417     OPENSSL_free(der);
2418     der = NULL;
2419 
2420     if (key != NULL) {
2421         OSSL_PARAM params[4];
2422         int object_type = OSSL_OBJECT_PKEY;
2423 
2424         params[0] =
2425             OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
2426         params[1] =
2427             OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
2428                                              (char *)ctx->desc->keytype_name,
2429                                              0);
2430         /* The address of the key becomes the octet string */
2431         params[2] =
2432             OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
2433                                               &key, sizeof(key));
2434         params[3] = OSSL_PARAM_construct_end();
2435 
2436         ok = data_cb(params, data_cbarg);
2437     }
2438 
2439  end:
2440     ctx->desc->free_key(key);
2441     OPENSSL_free(der);
2442 
2443     return ok;
2444 }
2445 
der2key_export_object(void * vctx,const void * reference,size_t reference_sz,OSSL_CALLBACK * export_cb,void * export_cbarg)2446 static int der2key_export_object(void *vctx,
2447                                  const void *reference, size_t reference_sz,
2448                                  OSSL_CALLBACK *export_cb, void *export_cbarg)
2449 {
2450     struct der2key_ctx_st *ctx = vctx;
2451     OSSL_FUNC_keymgmt_export_fn *export =
2452         xor_prov_get_keymgmt_export(ctx->desc->fns);
2453     void *keydata;
2454 
2455     if (reference_sz == sizeof(keydata) && export != NULL) {
2456         /* The contents of the reference is the address to our object */
2457         keydata = *(void **)reference;
2458 
2459         return export(keydata, ctx->selection, export_cb, export_cbarg);
2460     }
2461     return 0;
2462 }
2463 
2464 /* ---------------------------------------------------------------------- */
2465 
xorx_d2i_PKCS8(void ** key,const unsigned char ** der,long der_len,struct der2key_ctx_st * ctx)2466 static void *xorx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
2467                            struct der2key_ctx_st *ctx)
2468 {
2469     return xor_der2key_decode_p8(der, der_len, ctx,
2470                              (key_from_pkcs8_t *)xor_key_from_pkcs8);
2471 }
2472 
xorx_key_adjust(void * key,struct der2key_ctx_st * ctx)2473 static void xorx_key_adjust(void *key, struct der2key_ctx_st *ctx)
2474 {
2475 }
2476 
2477 /* ---------------------------------------------------------------------- */
2478 
2479 #define DO_PrivateKeyInfo(keytype)                      \
2480     "PrivateKeyInfo", 0,                                \
2481         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \
2482         NULL,                                           \
2483         NULL,                                           \
2484         NULL,                                           \
2485         xorx_d2i_PKCS8,                                 \
2486         NULL,                                           \
2487         NULL,                                           \
2488         xorx_key_adjust,                                \
2489         (free_key_fn *)xor_freekey
2490 
2491 #define DO_SubjectPublicKeyInfo(keytype)                \
2492     "SubjectPublicKeyInfo", 0,                          \
2493         ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \
2494         NULL,                                           \
2495         NULL,                                           \
2496         NULL,                                           \
2497         NULL,                                           \
2498         (d2i_of_void *)xor_d2i_PUBKEY,                  \
2499         NULL,                                           \
2500         xorx_key_adjust,                                \
2501         (free_key_fn *)xor_freekey
2502 
2503 /*
2504  * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
2505  * It takes the following arguments:
2506  *
2507  * keytype_name The implementation key type as a string.
2508  * keytype      The implementation key type.  This must correspond exactly
2509  *              to our existing keymgmt keytype names...  in other words,
2510  *              there must exist an ossl_##keytype##_keymgmt_functions.
2511  * type         The type name for the set of functions that implement the
2512  *              decoder for the key type.  This isn't necessarily the same
2513  *              as keytype.  For example, the key types ed25519, ed448,
2514  *              x25519 and x448 are all handled by the same functions with
2515  *              the common type name ecx.
2516  * kind         The kind of support to implement.  This translates into
2517  *              the DO_##kind macros above, to populate the keytype_desc_st
2518  *              structure.
2519  */
2520 #define MAKE_DECODER(keytype_name, keytype, type, kind)                 \
2521     static struct keytype_desc_st kind##_##keytype##_desc =             \
2522         { keytype_name, xor_##keytype##_keymgmt_functions,              \
2523           DO_##kind(keytype) };                                         \
2524                                                                         \
2525     static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx;   \
2526                                                                         \
2527     static void *kind##_der2##keytype##_newctx(void *provctx)           \
2528     {                                                                   \
2529         return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name );\
2530     }                                                                   \
2531     static int kind##_der2##keytype##_does_selection(void *provctx,     \
2532                                                      int selection)     \
2533     {                                                                   \
2534         return der2key_check_selection(selection,                       \
2535                                        &kind##_##keytype##_desc);       \
2536     }                                                                   \
2537     static const OSSL_DISPATCH                                          \
2538     xor_##kind##_der_to_##keytype##_decoder_functions[] = {             \
2539         { OSSL_FUNC_DECODER_NEWCTX,                                     \
2540           (void (*)(void))kind##_der2##keytype##_newctx },              \
2541         { OSSL_FUNC_DECODER_FREECTX,                                    \
2542           (void (*)(void))der2key_freectx },                            \
2543         { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
2544           (void (*)(void))kind##_der2##keytype##_does_selection },      \
2545         { OSSL_FUNC_DECODER_DECODE,                                     \
2546           (void (*)(void))xor_der2key_decode },                         \
2547         { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \
2548           (void (*)(void))der2key_export_object },                      \
2549         OSSL_DISPATCH_END                                               \
2550     }
2551 
2552 MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, PrivateKeyInfo);
2553 MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, SubjectPublicKeyInfo);
2554 MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, PrivateKeyInfo);
2555 MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, SubjectPublicKeyInfo);
2556 
2557 static const OSSL_ALGORITHM tls_prov_decoder[] = {
2558 #define DECODER_PROVIDER "tls-provider"
2559 #define DECODER_STRUCTURE_SubjectPublicKeyInfo          "SubjectPublicKeyInfo"
2560 #define DECODER_STRUCTURE_PrivateKeyInfo                "PrivateKeyInfo"
2561 
2562 /* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
2563 /*
2564  * Obviously this is not FIPS approved, but in order to test in conjunction
2565  * with the FIPS provider we pretend that it is.
2566  */
2567 
2568 #define DECODER(_name, _input, _output)                          \
2569     { _name,                                                            \
2570       "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input,   \
2571       (xor_##_input##_to_##_output##_decoder_functions) }
2572 #define DECODER_w_structure(_name, _input, _structure, _output)  \
2573     { _name,                                                            \
2574       "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input    \
2575       ",structure=" DECODER_STRUCTURE_##_structure,                     \
2576       (xor_##_structure##_##_input##_to_##_output##_decoder_functions) }
2577 
2578 DECODER_w_structure(XORSIGALG_NAME, der, PrivateKeyInfo, xorhmacsig),
2579 DECODER_w_structure(XORSIGALG_NAME, der, SubjectPublicKeyInfo, xorhmacsig),
2580 DECODER_w_structure(XORSIGALG_HASH_NAME, der, PrivateKeyInfo, xorhmacsha2sig),
2581 DECODER_w_structure(XORSIGALG_HASH_NAME, der, SubjectPublicKeyInfo, xorhmacsha2sig),
2582 #undef DECODER_PROVIDER
2583     { NULL, NULL, NULL }
2584 };
2585 
2586 #define OSSL_MAX_NAME_SIZE 50
2587 #define OSSL_MAX_PROPQUERY_SIZE     256 /* Property query strings */
2588 
2589 static OSSL_FUNC_signature_newctx_fn xor_sig_newctx;
2590 static OSSL_FUNC_signature_sign_init_fn xor_sig_sign_init;
2591 static OSSL_FUNC_signature_verify_init_fn xor_sig_verify_init;
2592 static OSSL_FUNC_signature_sign_fn xor_sig_sign;
2593 static OSSL_FUNC_signature_verify_fn xor_sig_verify;
2594 static OSSL_FUNC_signature_digest_sign_init_fn xor_sig_digest_sign_init;
2595 static OSSL_FUNC_signature_digest_sign_update_fn xor_sig_digest_signverify_update;
2596 static OSSL_FUNC_signature_digest_sign_final_fn xor_sig_digest_sign_final;
2597 static OSSL_FUNC_signature_digest_verify_init_fn xor_sig_digest_verify_init;
2598 static OSSL_FUNC_signature_digest_verify_update_fn xor_sig_digest_signverify_update;
2599 static OSSL_FUNC_signature_digest_verify_final_fn xor_sig_digest_verify_final;
2600 static OSSL_FUNC_signature_freectx_fn xor_sig_freectx;
2601 static OSSL_FUNC_signature_dupctx_fn xor_sig_dupctx;
2602 static OSSL_FUNC_signature_get_ctx_params_fn xor_sig_get_ctx_params;
2603 static OSSL_FUNC_signature_gettable_ctx_params_fn xor_sig_gettable_ctx_params;
2604 static OSSL_FUNC_signature_set_ctx_params_fn xor_sig_set_ctx_params;
2605 static OSSL_FUNC_signature_settable_ctx_params_fn xor_sig_settable_ctx_params;
2606 static OSSL_FUNC_signature_get_ctx_md_params_fn xor_sig_get_ctx_md_params;
2607 static OSSL_FUNC_signature_gettable_ctx_md_params_fn xor_sig_gettable_ctx_md_params;
2608 static OSSL_FUNC_signature_set_ctx_md_params_fn xor_sig_set_ctx_md_params;
2609 static OSSL_FUNC_signature_settable_ctx_md_params_fn xor_sig_settable_ctx_md_params;
2610 
xor_get_aid(unsigned char ** oidbuf,const char * tls_name)2611 static int xor_get_aid(unsigned char** oidbuf, const char *tls_name) {
2612    X509_ALGOR *algor = X509_ALGOR_new();
2613    int aidlen = 0;
2614 
2615    X509_ALGOR_set0(algor, OBJ_txt2obj(tls_name, 0), V_ASN1_UNDEF, NULL);
2616 
2617    aidlen = i2d_X509_ALGOR(algor, oidbuf);
2618    X509_ALGOR_free(algor);
2619    return(aidlen);
2620 }
2621 
2622 /*
2623  * What's passed as an actual key is defined by the KEYMGMT interface.
2624  */
2625 typedef struct {
2626     OSSL_LIB_CTX *libctx;
2627     char *propq;
2628     XORKEY *sig;
2629 
2630     /*
2631      * Flag to determine if the hash function can be changed (1) or not (0)
2632      * Because it's dangerous to change during a DigestSign or DigestVerify
2633      * operation, this flag is cleared by their Init function, and set again
2634      * by their Final function.
2635      */
2636     unsigned int flag_allow_md : 1;
2637 
2638     char mdname[OSSL_MAX_NAME_SIZE];
2639 
2640     /* The Algorithm Identifier of the combined signature algorithm */
2641     unsigned char *aid;
2642     size_t  aid_len;
2643 
2644     /* main digest */
2645     EVP_MD *md;
2646     EVP_MD_CTX *mdctx;
2647     int operation;
2648 } PROV_XORSIG_CTX;
2649 
xor_sig_newctx(void * provctx,const char * propq)2650 static void *xor_sig_newctx(void *provctx, const char *propq)
2651 {
2652     PROV_XORSIG_CTX *pxor_sigctx;
2653 
2654     pxor_sigctx = OPENSSL_zalloc(sizeof(PROV_XORSIG_CTX));
2655     if (pxor_sigctx == NULL)
2656         return NULL;
2657 
2658     pxor_sigctx->libctx = ((PROV_XOR_CTX*)provctx)->libctx;
2659     pxor_sigctx->flag_allow_md = 0;
2660     if (propq != NULL && (pxor_sigctx->propq = OPENSSL_strdup(propq)) == NULL) {
2661         OPENSSL_free(pxor_sigctx);
2662         pxor_sigctx = NULL;
2663         ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
2664     }
2665     return pxor_sigctx;
2666 }
2667 
xor_sig_setup_md(PROV_XORSIG_CTX * ctx,const char * mdname,const char * mdprops)2668 static int xor_sig_setup_md(PROV_XORSIG_CTX *ctx,
2669                         const char *mdname, const char *mdprops)
2670 {
2671     EVP_MD *md;
2672 
2673     if (mdprops == NULL)
2674         mdprops = ctx->propq;
2675 
2676     md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
2677 
2678     if ((md == NULL) || (EVP_MD_nid(md)==NID_undef)) {
2679         if (md == NULL)
2680             ERR_raise_data(ERR_LIB_USER, XORPROV_R_INVALID_DIGEST,
2681                            "%s could not be fetched", mdname);
2682         EVP_MD_free(md);
2683         return 0;
2684     }
2685 
2686     EVP_MD_CTX_free(ctx->mdctx);
2687     ctx->mdctx = NULL;
2688     EVP_MD_free(ctx->md);
2689     ctx->md = NULL;
2690 
2691     OPENSSL_free(ctx->aid);
2692     ctx->aid = NULL;
2693     ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name);
2694     if (ctx->aid_len <= 0) {
2695         EVP_MD_free(md);
2696         return 0;
2697     }
2698 
2699     ctx->mdctx = NULL;
2700     ctx->md = md;
2701     OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
2702     return 1;
2703 }
2704 
xor_sig_signverify_init(void * vpxor_sigctx,void * vxorsig,int operation)2705 static int xor_sig_signverify_init(void *vpxor_sigctx, void *vxorsig,
2706                                    int operation)
2707 {
2708     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2709 
2710     if (pxor_sigctx == NULL || vxorsig == NULL)
2711         return 0;
2712     xor_freekey(pxor_sigctx->sig);
2713     if (!xor_key_up_ref(vxorsig))
2714         return 0;
2715     pxor_sigctx->sig = vxorsig;
2716     pxor_sigctx->operation = operation;
2717     if ((operation==EVP_PKEY_OP_SIGN && pxor_sigctx->sig == NULL)
2718         || (operation==EVP_PKEY_OP_VERIFY && pxor_sigctx->sig == NULL)) {
2719         ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY);
2720         return 0;
2721     }
2722     return 1;
2723 }
2724 
xor_sig_sign_init(void * vpxor_sigctx,void * vxorsig,const OSSL_PARAM params[])2725 static int xor_sig_sign_init(void *vpxor_sigctx, void *vxorsig,
2726                              const OSSL_PARAM params[])
2727 {
2728     return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_SIGN);
2729 }
2730 
xor_sig_verify_init(void * vpxor_sigctx,void * vxorsig,const OSSL_PARAM params[])2731 static int xor_sig_verify_init(void *vpxor_sigctx, void *vxorsig,
2732                                const OSSL_PARAM params[])
2733 {
2734     return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_VERIFY);
2735 }
2736 
xor_sig_sign(void * vpxor_sigctx,unsigned char * sig,size_t * siglen,size_t sigsize,const unsigned char * tbs,size_t tbslen)2737 static int xor_sig_sign(void *vpxor_sigctx, unsigned char *sig, size_t *siglen,
2738                     size_t sigsize, const unsigned char *tbs, size_t tbslen)
2739 {
2740     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2741     XORKEY *xorkey = pxor_sigctx->sig;
2742 
2743     size_t max_sig_len = EVP_MAX_MD_SIZE;
2744     size_t xor_sig_len = 0;
2745     int rv = 0;
2746 
2747     if (xorkey == NULL || !xorkey->hasprivkey) {
2748         ERR_raise(ERR_LIB_USER, XORPROV_R_NO_PRIVATE_KEY);
2749         return rv;
2750     }
2751 
2752     if (sig == NULL) {
2753         *siglen = max_sig_len;
2754         return 1;
2755     }
2756     if (*siglen < max_sig_len) {
2757         ERR_raise(ERR_LIB_USER, XORPROV_R_BUFFER_LENGTH_WRONG);
2758         return rv;
2759     }
2760 
2761     /*
2762      * create HMAC using XORKEY as key and hash as data:
2763      * No real crypto, just for test, don't do this at home!
2764      */
2765     if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL,
2766                    xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen,
2767                    &sig[0], EVP_MAX_MD_SIZE, &xor_sig_len)) {
2768         ERR_raise(ERR_LIB_USER, XORPROV_R_SIGNING_FAILED);
2769         goto endsign;
2770     }
2771 
2772     *siglen = xor_sig_len;
2773     rv = 1; /* success */
2774 
2775  endsign:
2776     return rv;
2777 }
2778 
xor_sig_verify(void * vpxor_sigctx,const unsigned char * sig,size_t siglen,const unsigned char * tbs,size_t tbslen)2779 static int xor_sig_verify(void *vpxor_sigctx,
2780     const unsigned char *sig, size_t siglen,
2781                           const unsigned char *tbs, size_t tbslen)
2782 {
2783     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2784     XORKEY *xorkey = pxor_sigctx->sig;
2785     unsigned char resignature[EVP_MAX_MD_SIZE];
2786     size_t resiglen;
2787     int i;
2788 
2789     if (xorkey == NULL || sig == NULL || tbs == NULL) {
2790         ERR_raise(ERR_LIB_USER, XORPROV_R_WRONG_PARAMETERS);
2791         return 0;
2792     }
2793 
2794     /*
2795      * This is no real verify: just re-sign and compare:
2796      * Don't do this at home! Not fit for real use!
2797      */
2798     /* First re-create private key from public key: */
2799     for (i = 0; i < XOR_KEY_SIZE; i++)
2800         xorkey->privkey[i] = xorkey->pubkey[i] ^ private_constant[i];
2801 
2802     /* Now re-create signature */
2803     if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL,
2804                    xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen,
2805                    &resignature[0], EVP_MAX_MD_SIZE, &resiglen)) {
2806         ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR);
2807         return 0;
2808     }
2809 
2810     /* Now compare with signature passed */
2811     if (siglen != resiglen || memcmp(resignature, sig, siglen) != 0) {
2812         ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR);
2813         return 0;
2814     }
2815     return 1;
2816 }
2817 
xor_sig_digest_signverify_init(void * vpxor_sigctx,const char * mdname,void * vxorsig,int operation)2818 static int xor_sig_digest_signverify_init(void *vpxor_sigctx, const char *mdname,
2819                                       void *vxorsig, int operation)
2820 {
2821     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2822     char *rmdname = (char *)mdname;
2823 
2824     if (rmdname == NULL)
2825         rmdname = "sha256";
2826 
2827     pxor_sigctx->flag_allow_md = 0;
2828     if (!xor_sig_signverify_init(vpxor_sigctx, vxorsig, operation))
2829         return 0;
2830 
2831     if (!xor_sig_setup_md(pxor_sigctx, rmdname, NULL))
2832         return 0;
2833 
2834     pxor_sigctx->mdctx = EVP_MD_CTX_new();
2835     if (pxor_sigctx->mdctx == NULL)
2836         goto error;
2837 
2838     if (!EVP_DigestInit_ex(pxor_sigctx->mdctx, pxor_sigctx->md, NULL))
2839         goto error;
2840 
2841     return 1;
2842 
2843  error:
2844     EVP_MD_CTX_free(pxor_sigctx->mdctx);
2845     EVP_MD_free(pxor_sigctx->md);
2846     pxor_sigctx->mdctx = NULL;
2847     pxor_sigctx->md = NULL;
2848     return 0;
2849 }
2850 
xor_sig_digest_sign_init(void * vpxor_sigctx,const char * mdname,void * vxorsig,const OSSL_PARAM params[])2851 static int xor_sig_digest_sign_init(void *vpxor_sigctx, const char *mdname,
2852                                       void *vxorsig, const OSSL_PARAM params[])
2853 {
2854     return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, vxorsig,
2855                                           EVP_PKEY_OP_SIGN);
2856 }
2857 
xor_sig_digest_verify_init(void * vpxor_sigctx,const char * mdname,void * vxorsig,const OSSL_PARAM params[])2858 static int xor_sig_digest_verify_init(void *vpxor_sigctx, const char *mdname, void *vxorsig, const OSSL_PARAM params[])
2859 {
2860     return xor_sig_digest_signverify_init(vpxor_sigctx, mdname,
2861                                           vxorsig, EVP_PKEY_OP_VERIFY);
2862 }
2863 
xor_sig_digest_signverify_update(void * vpxor_sigctx,const unsigned char * data,size_t datalen)2864 int xor_sig_digest_signverify_update(void *vpxor_sigctx,
2865                                      const unsigned char *data,
2866                                      size_t datalen)
2867 {
2868     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2869 
2870     if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
2871         return 0;
2872 
2873     return EVP_DigestUpdate(pxor_sigctx->mdctx, data, datalen);
2874 }
2875 
xor_sig_digest_sign_final(void * vpxor_sigctx,unsigned char * sig,size_t * siglen,size_t sigsize)2876 int xor_sig_digest_sign_final(void *vpxor_sigctx,
2877                               unsigned char *sig, size_t *siglen,
2878                               size_t sigsize)
2879 {
2880     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2881     unsigned char digest[EVP_MAX_MD_SIZE];
2882     unsigned int dlen = 0;
2883 
2884     if (sig != NULL) {
2885         if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
2886             return 0;
2887 
2888         if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen))
2889             return 0;
2890 
2891         pxor_sigctx->flag_allow_md = 1;
2892     }
2893 
2894     return xor_sig_sign(vpxor_sigctx, sig, siglen, sigsize, digest, (size_t)dlen);
2895 
2896 }
2897 
xor_sig_digest_verify_final(void * vpxor_sigctx,const unsigned char * sig,size_t siglen)2898 int xor_sig_digest_verify_final(void *vpxor_sigctx, const unsigned char *sig,
2899                             size_t siglen)
2900 {
2901     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2902     unsigned char digest[EVP_MAX_MD_SIZE];
2903     unsigned int dlen = 0;
2904 
2905     if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
2906         return 0;
2907 
2908     if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen))
2909         return 0;
2910 
2911     pxor_sigctx->flag_allow_md = 1;
2912 
2913     return xor_sig_verify(vpxor_sigctx, sig, siglen, digest, (size_t)dlen);
2914 }
2915 
xor_sig_freectx(void * vpxor_sigctx)2916 static void xor_sig_freectx(void *vpxor_sigctx)
2917 {
2918     PROV_XORSIG_CTX *ctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2919 
2920     OPENSSL_free(ctx->propq);
2921     EVP_MD_CTX_free(ctx->mdctx);
2922     EVP_MD_free(ctx->md);
2923     ctx->propq = NULL;
2924     ctx->mdctx = NULL;
2925     ctx->md = NULL;
2926     xor_freekey(ctx->sig);
2927     ctx->sig = NULL;
2928     OPENSSL_free(ctx->aid);
2929     OPENSSL_free(ctx);
2930 }
2931 
xor_sig_dupctx(void * vpxor_sigctx)2932 static void *xor_sig_dupctx(void *vpxor_sigctx)
2933 {
2934     PROV_XORSIG_CTX *srcctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2935     PROV_XORSIG_CTX *dstctx;
2936 
2937     dstctx = OPENSSL_zalloc(sizeof(*srcctx));
2938     if (dstctx == NULL)
2939         return NULL;
2940 
2941     *dstctx = *srcctx;
2942     dstctx->sig = NULL;
2943     dstctx->md = NULL;
2944     dstctx->mdctx = NULL;
2945     dstctx->aid = NULL;
2946 
2947     if ((srcctx->sig != NULL) && !xor_key_up_ref(srcctx->sig))
2948         goto err;
2949     dstctx->sig = srcctx->sig;
2950 
2951     if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
2952         goto err;
2953     dstctx->md = srcctx->md;
2954 
2955     if (srcctx->mdctx != NULL) {
2956         dstctx->mdctx = EVP_MD_CTX_new();
2957         if (dstctx->mdctx == NULL
2958                 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
2959             goto err;
2960     }
2961 
2962     return dstctx;
2963  err:
2964     xor_sig_freectx(dstctx);
2965     return NULL;
2966 }
2967 
xor_sig_get_ctx_params(void * vpxor_sigctx,OSSL_PARAM * params)2968 static int xor_sig_get_ctx_params(void *vpxor_sigctx, OSSL_PARAM *params)
2969 {
2970     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2971     OSSL_PARAM *p;
2972 
2973     if (pxor_sigctx == NULL || params == NULL)
2974         return 0;
2975 
2976     p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
2977 
2978     if (pxor_sigctx->aid == NULL)
2979         pxor_sigctx->aid_len = xor_get_aid(&(pxor_sigctx->aid), pxor_sigctx->sig->tls_name);
2980 
2981     if (p != NULL
2982         && !OSSL_PARAM_set_octet_string(p, pxor_sigctx->aid, pxor_sigctx->aid_len))
2983         return 0;
2984 
2985     p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
2986     if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pxor_sigctx->mdname))
2987         return 0;
2988 
2989     return 1;
2990 }
2991 
2992 static const OSSL_PARAM known_gettable_ctx_params[] = {
2993     OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
2994     OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
2995     OSSL_PARAM_END
2996 };
2997 
xor_sig_gettable_ctx_params(ossl_unused void * vpxor_sigctx,ossl_unused void * vctx)2998 static const OSSL_PARAM *xor_sig_gettable_ctx_params(ossl_unused void *vpxor_sigctx, ossl_unused void *vctx)
2999 {
3000     return known_gettable_ctx_params;
3001 }
3002 
xor_sig_set_ctx_params(void * vpxor_sigctx,const OSSL_PARAM params[])3003 static int xor_sig_set_ctx_params(void *vpxor_sigctx, const OSSL_PARAM params[])
3004 {
3005     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3006     const OSSL_PARAM *p;
3007 
3008     if (pxor_sigctx == NULL || params == NULL)
3009         return 0;
3010 
3011     p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
3012     /* Not allowed during certain operations */
3013     if (p != NULL && !pxor_sigctx->flag_allow_md)
3014         return 0;
3015     if (p != NULL) {
3016         char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
3017         char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
3018         const OSSL_PARAM *propsp =
3019             OSSL_PARAM_locate_const(params,
3020                                     OSSL_SIGNATURE_PARAM_PROPERTIES);
3021 
3022         if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
3023             return 0;
3024         if (propsp != NULL
3025             && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
3026             return 0;
3027         if (!xor_sig_setup_md(pxor_sigctx, mdname, mdprops))
3028             return 0;
3029     }
3030 
3031     return 1;
3032 }
3033 
3034 static const OSSL_PARAM known_settable_ctx_params[] = {
3035     OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
3036     OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
3037     OSSL_PARAM_END
3038 };
3039 
xor_sig_settable_ctx_params(ossl_unused void * vpsm2ctx,ossl_unused void * provctx)3040 static const OSSL_PARAM *xor_sig_settable_ctx_params(ossl_unused void *vpsm2ctx,
3041                                                      ossl_unused void *provctx)
3042 {
3043     return known_settable_ctx_params;
3044 }
3045 
xor_sig_get_ctx_md_params(void * vpxor_sigctx,OSSL_PARAM * params)3046 static int xor_sig_get_ctx_md_params(void *vpxor_sigctx, OSSL_PARAM *params)
3047 {
3048     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3049 
3050     if (pxor_sigctx->mdctx == NULL)
3051         return 0;
3052 
3053     return EVP_MD_CTX_get_params(pxor_sigctx->mdctx, params);
3054 }
3055 
xor_sig_gettable_ctx_md_params(void * vpxor_sigctx)3056 static const OSSL_PARAM *xor_sig_gettable_ctx_md_params(void *vpxor_sigctx)
3057 {
3058     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3059 
3060     if (pxor_sigctx->md == NULL)
3061         return 0;
3062 
3063     return EVP_MD_gettable_ctx_params(pxor_sigctx->md);
3064 }
3065 
xor_sig_set_ctx_md_params(void * vpxor_sigctx,const OSSL_PARAM params[])3066 static int xor_sig_set_ctx_md_params(void *vpxor_sigctx, const OSSL_PARAM params[])
3067 {
3068     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3069 
3070     if (pxor_sigctx->mdctx == NULL)
3071         return 0;
3072 
3073     return EVP_MD_CTX_set_params(pxor_sigctx->mdctx, params);
3074 }
3075 
xor_sig_settable_ctx_md_params(void * vpxor_sigctx)3076 static const OSSL_PARAM *xor_sig_settable_ctx_md_params(void *vpxor_sigctx)
3077 {
3078     PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3079 
3080     if (pxor_sigctx->md == NULL)
3081         return 0;
3082 
3083     return EVP_MD_settable_ctx_params(pxor_sigctx->md);
3084 }
3085 
3086 static const OSSL_DISPATCH xor_signature_functions[] = {
3087     { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))xor_sig_newctx },
3088     { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))xor_sig_sign_init },
3089     { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))xor_sig_sign },
3090     { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))xor_sig_verify_init },
3091     { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))xor_sig_verify },
3092     { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
3093       (void (*)(void))xor_sig_digest_sign_init },
3094     { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
3095       (void (*)(void))xor_sig_digest_signverify_update },
3096     { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
3097       (void (*)(void))xor_sig_digest_sign_final },
3098     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
3099       (void (*)(void))xor_sig_digest_verify_init },
3100     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
3101       (void (*)(void))xor_sig_digest_signverify_update },
3102     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
3103       (void (*)(void))xor_sig_digest_verify_final },
3104     { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))xor_sig_freectx },
3105     { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))xor_sig_dupctx },
3106     { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))xor_sig_get_ctx_params },
3107     { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
3108       (void (*)(void))xor_sig_gettable_ctx_params },
3109     { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))xor_sig_set_ctx_params },
3110     { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,
3111       (void (*)(void))xor_sig_settable_ctx_params },
3112     { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS,
3113       (void (*)(void))xor_sig_get_ctx_md_params },
3114     { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS,
3115       (void (*)(void))xor_sig_gettable_ctx_md_params },
3116     { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS,
3117       (void (*)(void))xor_sig_set_ctx_md_params },
3118     { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS,
3119       (void (*)(void))xor_sig_settable_ctx_md_params },
3120     OSSL_DISPATCH_END
3121 };
3122 
3123 static const OSSL_ALGORITHM tls_prov_signature[] = {
3124     /*
3125      * Obviously this is not FIPS approved, but in order to test in conjunction
3126      * with the FIPS provider we pretend that it is.
3127      */
3128     { XORSIGALG_NAME, "provider=tls-provider,fips=yes",
3129                            xor_signature_functions },
3130     { XORSIGALG_HASH_NAME, "provider=tls-provider,fips=yes",
3131                            xor_signature_functions },
3132     { XORSIGALG12_NAME, "provider=tls-provider,fips=yes",
3133                            xor_signature_functions },
3134     { NULL, NULL, NULL }
3135 };
3136 
3137 
tls_prov_query(void * provctx,int operation_id,int * no_cache)3138 static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
3139                                             int *no_cache)
3140 {
3141     *no_cache = 0;
3142     switch (operation_id) {
3143     case OSSL_OP_KEYMGMT:
3144         return tls_prov_keymgmt;
3145     case OSSL_OP_KEYEXCH:
3146         return tls_prov_keyexch;
3147     case OSSL_OP_KEM:
3148         return tls_prov_kem;
3149     case OSSL_OP_ENCODER:
3150         return tls_prov_encoder;
3151     case OSSL_OP_DECODER:
3152         return tls_prov_decoder;
3153     case OSSL_OP_SIGNATURE:
3154         return tls_prov_signature;
3155     }
3156     return NULL;
3157 }
3158 
tls_prov_teardown(void * provctx)3159 static void tls_prov_teardown(void *provctx)
3160 {
3161     int i;
3162     PROV_XOR_CTX *pctx = (PROV_XOR_CTX*)provctx;
3163 
3164     OSSL_LIB_CTX_free(pctx->libctx);
3165 
3166     for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
3167         OPENSSL_free(dummy_group_names[i]);
3168         dummy_group_names[i] = NULL;
3169     }
3170     OPENSSL_free(pctx);
3171 }
3172 
3173 /* Functions we provide to the core */
3174 static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
3175     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))tls_prov_teardown },
3176     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
3177     { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
3178     OSSL_DISPATCH_END
3179 };
3180 
3181 static
randomize_tls_alg_id(OSSL_LIB_CTX * libctx)3182 unsigned int randomize_tls_alg_id(OSSL_LIB_CTX *libctx)
3183 {
3184     /*
3185      * Randomise the id we're going to use to ensure we don't interoperate
3186      * with anything but ourselves.
3187      */
3188     unsigned int id;
3189     static unsigned int mem[10] = { 0 };
3190     static int in_mem = 0;
3191     int i;
3192 
3193  retry:
3194     if (RAND_bytes_ex(libctx, (unsigned char *)&id, sizeof(id), 0) <= 0)
3195         return 0;
3196     /*
3197      * Ensure id is within the IANA Reserved for private use range
3198      * (65024-65279).
3199      * Carve out NUM_DUMMY_GROUPS ids for properly registering those.
3200      */
3201     id %= 65279 - NUM_DUMMY_GROUPS - 65024;
3202     id += 65024;
3203 
3204     /* Ensure we did not already issue this id */
3205     for (i = 0; i < in_mem; i++)
3206         if (mem[i] == id)
3207             goto retry;
3208 
3209     /* Add this id to the list of ids issued by this function */
3210     mem[in_mem++] = id;
3211 
3212     return id;
3213 }
3214 
tls_provider_init(const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * in,const OSSL_DISPATCH ** out,void ** provctx)3215 int tls_provider_init(const OSSL_CORE_HANDLE *handle,
3216                       const OSSL_DISPATCH *in,
3217                       const OSSL_DISPATCH **out,
3218                       void **provctx)
3219 {
3220     OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in);
3221     OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL;
3222     OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL;
3223     PROV_XOR_CTX *xor_prov_ctx = xor_newprovctx(libctx);
3224 
3225     if (libctx == NULL || xor_prov_ctx == NULL)
3226         goto err;
3227 
3228     *provctx = xor_prov_ctx;
3229 
3230     /*
3231      * Randomise the group_id and code_points we're going to use to ensure we
3232      * don't interoperate with anything but ourselves.
3233      */
3234     xor_group.group_id = randomize_tls_alg_id(libctx);
3235     xor_kemgroup.group_id = randomize_tls_alg_id(libctx);
3236     xor_sigalg.code_point = randomize_tls_alg_id(libctx);
3237     xor_sigalg_hash.code_point = randomize_tls_alg_id(libctx);
3238 
3239     /* Retrieve registration functions */
3240     for (; in->function_id != 0; in++) {
3241         switch (in->function_id) {
3242         case OSSL_FUNC_CORE_OBJ_CREATE:
3243             c_obj_create = OSSL_FUNC_core_obj_create(in);
3244             break;
3245         case OSSL_FUNC_CORE_OBJ_ADD_SIGID:
3246             c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in);
3247             break;
3248         /* Just ignore anything we don't understand */
3249         default:
3250             break;
3251         }
3252     }
3253 
3254     /*
3255      * Register algorithms manually as add_provider_sigalgs is
3256      * only called during session establishment -- too late for
3257      * key & cert generation...
3258      */
3259     if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) {
3260         ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3261         goto err;
3262     }
3263 
3264     if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) {
3265         ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3266         goto err;
3267     }
3268     if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) {
3269         ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3270         goto err;
3271     }
3272 
3273     if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) {
3274         ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3275         goto err;
3276     }
3277 
3278     *out = tls_prov_dispatch_table;
3279     return 1;
3280 
3281 err:
3282     OPENSSL_free(xor_prov_ctx);
3283     *provctx = NULL;
3284     OSSL_LIB_CTX_free(libctx);
3285     return 0;
3286 }
3287